Open hats-bug-reporter[bot] opened 1 week ago
same issue in updateSuper
Non-issue @0xmahdirostami because in both case are not limitation to addSafe to an ChildSafe or an SuperSafe in any level, and is the same for updateSuper, the newSuperID can or can't be a superSafe before to update, the update super is only for change a leaf of the tree from one leaf to another leaf (oldSuperSafe to newSuperSafe), only that!! and verify and update the role if is necessary
Github username: @0xmahdirostami Twitter username: 0xmahdirostami Submission hash (on-chain): 0x93fccb92b363ffdf511e64f3b1acb16fa808c07792bc8eac27a02d51ceb892a0 Severity: medium
Description: Description: The
addSafe
function does not check if the providedsuperSafeId
is in a removed state. This oversight can lead to a scenario where a removed safe ID is incorrectly set as asuperSafeId
, potentially causing logical inconsistencies and security issues.Impact: Allowing a removed safe ID to become a
superSafeId
can compromise the integrity of the hierarchical structure of safes. safes, that are removed, but not disconnected shouldn't become super safe again.Mitigation: Add a check to ensure that the
superSafeId
is not in a removed state before proceeding with the addition of the new safe.