Open hats-bug-reporter[bot] opened 1 week ago
Non-issue: if the SuperSafe acts badly, the RootSafe can updateSuper all the childSafes of this bad actor (SuperSafe), and afterwards removeSafe, avoiding any malicious action/behavior over the onChainOrganization.
Github username: --
Twitter username: SBSecurity_
Submission hash (on-chain): 0x4bf9fb0f7a5e757e1bdfc41e8bcac5afd2d233fadb7969bd846c0e89721dc678
Severity: medium
Description:
Root can set a SAFE to be SUPER, and the SUPER can add children.
ROOT can also remove the SUPER of any child with updateSuper(), allowing the ROOT to update the child SUPER (Father).
But SUPER can front-run the updateSuper() call by adding a lot of SAFEs as children, since there is no limit, which will cause updateSuper() to run out of gas, and SUPER cannot be removed.
Attack Scenario
Attachments
Proof of Concept (PoC) File
Revised Code File (Optional)
Limit the children count that every SUPER can add, and allow every child to change its SUPER; that will remove the for loop.
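The pattern this submission describes and the fix it proposes, as an added Python model that is not part of the original issue or of the audited contracts: a registry whose detach step scans an uncapped child list, beside a capped one that uses an index map instead of a loop. The class names, the gas budget, the cap of 64 and the one-storage-read-per-iteration cost model are assumptions made for illustration.

```python
# Added model, not the audited project's code; budget and cap are assumed values.
COLD_SLOAD = 2_100         # gas per cold storage read (EIP-2929)
TX_GAS_LIMIT = 30_000_000  # assumed gas budget for one transaction
MAX_CHILDREN = 64          # assumed cap; the report's suggested fix names no number
class OutOfGas(Exception): pass

class UnboundedRegistry:
    """No cap on children; detaching a child scans the SUPER's list."""
    def __init__(self):
        self.children, self.super_of = {}, {}
    def add_child(self, sup, child):
        self.children.setdefault(sup, []).append(child)
        self.super_of[child] = sup
    def update_super(self, child, new_sup, gas=TX_GAS_LIMIT):
        siblings, spent = self.children[self.super_of[child]], 0
        for i, c in enumerate(siblings):
            spent += COLD_SLOAD              # modelled: one storage read per iteration
            if spent > gas:
                raise OutOfGas(i)            # raised before any state change (revert)
            if c == child:
                siblings.pop(i)
                break
        self.add_child(new_sup, child)
        return spent

class CappedRegistry(UnboundedRegistry):
    """Capped list plus an index map: detaching is swap-and-pop, no loop."""
    def __init__(self):
        super().__init__()
        self.slot = {}                       # child -> index in its SUPER's list
    def add_child(self, sup, child):
        n = len(self.children.get(sup, []))
        if n >= MAX_CHILDREN:
            raise ValueError("child cap reached")
        self.slot[child] = n
        super().add_child(sup, child)
    def update_super(self, child, new_sup):
        if len(self.children.get(new_sup, [])) >= MAX_CHILDREN:
            raise ValueError("child cap reached")
        lst = self.children[self.super_of[child]]
        i, last = self.slot[child], lst[-1]
        lst[i], self.slot[last] = last, i    # move the last child into the freed slot
        lst.pop()
        self.add_child(new_sup, child)
        return 2 * COLD_SLOAD                # modelled as two reads, whatever the list size

def scan_cost(n):  # n children under one SUPER, then move the newest one away
    reg = UnboundedRegistry()
    for c in range(n):
        reg.add_child("super", c)
    return reg.update_super(n - 1, "root")
```

Under these assumed numbers the scan fits the budget up to 14,285 children and fails from 14,286 on, while the capped registry's detach cost stays constant.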