Description
An organization may have updated its depthTreeLimit to a value of 10, because of business requirements. Then if the same org wants to create a new root safe and calls createRootSafe, depthTreeLimit for it would be reset back to 8:
If the original root has already created a tree with 9 children, this would mean that right now it is in an invalid state. Another problem is that the organization wastes gas calling updateDepthTreeLimit once again to make it 10 again.
Attack Scenario
In the Description section I have explained a scenario on how an organization may "suffer" the consequences.
Attachments
Proof of Concept (PoC) File
Will provide if needed
Revised Code File (Optional)
Add an additional argument (bool resetDepthTreeLimit) to createRootSafe, so the caller safe can specify it. Also check whether depthTreeLimit[org] <= 8.
Github username: -- Twitter username: -- Submission hash (on-chain): 0xdd47bedcf75c314a5c3d27cbaa96421abccc0c4eafb1cad981acf21c83da61ee Severity: medium
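The reset described above and the suggested guard, as an added example that is not part of the original submission and is not the project's code. It is a simplified model: the contract name, the `bytes32` org key, the `DepthTreeLimitChanged` event and the function suffixes are assumptions, access control and safe registration are omitted, and the guard is one reading of "check whether depthTreeLimit[org] <= 8".

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Simplified model (assumption): only the depth-limit bookkeeping is kept.
contract DepthLimitModel {
    uint256 public constant DEFAULT_DEPTH = 8; // default value named in the report

    mapping(bytes32 => uint256) public depthTreeLimit;

    // Hypothetical event so off-chain monitoring can spot a limit going down.
    event DepthTreeLimitChanged(bytes32 indexed org, uint256 oldLimit, uint256 newLimit);

    function updateDepthTreeLimit(bytes32 org, uint256 newLimit) external {
        _setLimit(org, newLimit);
    }

    // Behaviour described in the report: creating another root safe always
    // overwrites the org-wide limit, so an earlier raise to 10 is lost and a
    // tree that is already 9 levels deep now exceeds its own limit.
    function createRootSafeResetting(bytes32 org) external {
        _setLimit(org, DEFAULT_DEPTH);
    }

    // Suggested change: the caller decides whether to reset. Without an
    // explicit request the default is applied only when the stored limit is
    // <= 8 (including the unset value 0), so a raised limit survives.
    function createRootSafeGuarded(bytes32 org, bool resetDepthTreeLimit) external {
        if (resetDepthTreeLimit || depthTreeLimit[org] <= DEFAULT_DEPTH) {
            _setLimit(org, DEFAULT_DEPTH);
        }
    }

    function _setLimit(bytes32 org, uint256 newLimit) private {
        uint256 oldLimit = depthTreeLimit[org];
        if (oldLimit == newLimit) return; // nothing to write, nothing to log
        depthTreeLimit[org] = newLimit;
        emit DepthTreeLimitChanged(org, oldLimit, newLimit);
    }
}
```

With the limit raised to 10, `createRootSafeResetting` leaves it at 8, while `createRootSafeGuarded(org, false)` leaves it at 10.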