hats-finance / Palmera-0x5fee7541ddcd51ba9f4af606f87b2c42eea655be

Palmera hierarchical module

`addSafe` Function Lacks Validation for `superSafeId` State #52

Open hats-bug-reporter[bot] opened 1 week ago

hats-bug-reporter[bot] commented 1 week ago

Github username: @0xmahdirostami

Twitter username: 0xmahdirostami

Submission hash (on-chain): 0x93fccb92b363ffdf511e64f3b1acb16fa808c07792bc8eac27a02d51ceb892a0

Severity: medium

Description: The addSafe function does not check if the provided superSafeId is in a removed state. This oversight can lead to a scenario where a removed safe ID is incorrectly set as a superSafeId, potentially causing logical inconsistencies and security issues.

Impact: Allowing a removed safe ID to become a superSafeId can compromise the integrity of the hierarchical structure of safes. Safes that are removed but not disconnected shouldn't become super safes again.

Mitigation: Add a check to ensure that the superSafeId is not in a removed state before proceeding with the addition of the new safe.
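The check proposed in the report above, shown on a simplified model as an added example; it is not part of the report and is not Palmera's code. Only `addSafe` and `superSafeId` come from the issue; the contract, the `State` enum, the storage layout and the error names are hypothetical, and access control is left out to keep the focus on the parent-state check.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

/// Simplified, hypothetical model of a safe hierarchy; NOT Palmera's code.
/// Every name except addSafe and superSafeId is an assumption.
contract HierarchyModel {
    // REMOVED models "removed but not disconnected": links stay in the tree.
    enum State { NONE, ACTIVE, REMOVED }

    struct Node {
        State state;
        uint256 superSafeId; // parent id, 0 for a root
        uint256[] children;
    }

    mapping(uint256 => Node) private nodes;
    uint256 private nextId = 1;

    error NotActive(uint256 safeId);
    error SuperSafeNotRegistered(uint256 superSafeId);
    error SuperSafeRemoved(uint256 superSafeId);

    /// Register a root so the model has a tree to attach to.
    function addRoot() external returns (uint256 id) {
        id = nextId++;
        nodes[id].state = State.ACTIVE;
    }

    /// Mark a node removed without unlinking it from its parent or children.
    function removeSafe(uint256 id) external {
        if (nodes[id].state != State.ACTIVE) revert NotActive(id);
        nodes[id].state = State.REMOVED;
    }

    /// addSafe with the validation the report proposes.
    function addSafe(uint256 superSafeId) external returns (uint256 id) {
        State parent = nodes[superSafeId].state;
        if (parent == State.NONE) revert SuperSafeNotRegistered(superSafeId);
        // Proposed check: a removed safe cannot become a super safe again.
        if (parent == State.REMOVED) revert SuperSafeRemoved(superSafeId);

        id = nextId++;
        nodes[id].state = State.ACTIVE;
        nodes[id].superSafeId = superSafeId;
        nodes[superSafeId].children.push(id);
    }
}
```

In this model, calling `addRoot()`, then `removeSafe(1)`, then `addSafe(1)` reverts with `SuperSafeRemoved(1)`; without the second check the new safe would be attached under the removed node.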

0xmahdirostami commented 1 week ago

Same issue in updateSuper.

alfredolopez80 commented 1 week ago

Non-issue @0xmahdirostami, because in both cases there is no limitation on addSafe to a ChildSafe or a SuperSafe at any level, and it is the same for updateSuper: the newSuperID may or may not be a superSafe before the update. The update super is only for changing a leaf of the tree from one leaf to another leaf (oldSuperSafe to newSuperSafe), only that!! And to verify and update the role if necessary.