Open hats-bug-reporter[bot] opened 5 months ago
Sorry, but the scenario you propose is extensively tested in these two tests below with 4 owners:
If the case you raise is not covered by these Unit-Tests, please indicate exactly the attack pattern or failure scenario that you indicate and I will be glad to verify it.
Additionally, clarify this statement: This results in only the first valid signature being included in the concatenatedSignatures array, ignoring any subsequent valid signatures for the same owner
Each owner only signs one time, not multiple times? Can you check the Unit-Test and provide a clearer example of it?
Github username: --
Twitter username: --
Submission hash (on-chain): 0xaddd158c9356b53616dbca3a7f6f2e63bbe511da1dc3456403cebec50c3e76c3
Severity: medium
Description: The `processAndSortSignatures` function in the Helpers contract is designed to process and sort signatures for a Safe Multisig Wallet transaction. However, the current implementation only includes the first valid signature for each owner and ignores any subsequent valid signatures. This behavior can lead to incomplete signature validation and potential issues in transaction processing, especially when the `checkNSignatures` function in the Safe contract requires multiple valid signatures to meet the threshold.
Attack Scenario
Attachments
Proof of Concept (PoC) File
Flow Explanation
Issue
- The break statement in the inner loop causes the function to stop checking for additional valid signatures for the current owner after finding the first valid signature.
- This results in only the first valid signature being included in the concatenatedSignatures array, ignoring any subsequent valid signatures for the same owner.
- When the checkSignatures function is called, it may fail if the `threshold` is greater than 1, as the `processAndSortSignatures` function does not return all valid signatures.
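
The ordering rule at stake in this thread, as an added example that is not part of the original report or the project's code: a simplified Python model in which a signature is only a (signer address, valid flag) pair, and `process_and_sort` and `check_n_signatures` are hypothetical stand-ins for the contract functions named above. It relies on the fact that the Safe signature check requires signer addresses in strictly ascending order, so each owner can count toward the threshold only once.

```python
# Simplified model (an assumption, not the project's Solidity): a signature is
# (signer_address, valid_flag); the real contracts recover the signer on-chain.
SENTINEL = 0x1  # Safe's SENTINEL_OWNERS marker address

# Constructed sample data: four owners, two valid signatures from owner 0x20.
OWNERS = {0x10, 0x20, 0x30, 0x40}
CANDIDATES = [(0x20, True), (0x10, True), (0x20, True), (0x30, False)]


def process_and_sort(owners, candidates):
    """Keep the first valid signature per owner, sorted by owner address."""
    picked = {}
    for owner in owners:
        for signer, valid in candidates:
            if signer == owner and valid:
                picked[owner] = (signer, valid)
                break  # later signatures by the same owner are skipped
    return [picked[o] for o in sorted(picked)]


def check_n_signatures(owners, sigs, threshold):
    """Model of the Safe rule: `threshold` valid owner signatures, with
    signer addresses strictly ascending (no duplicates, no reordering)."""
    if len(sigs) < threshold:
        return False
    last = 0
    for signer, valid in sigs[:threshold]:
        if not valid or signer not in owners or signer == SENTINEL:
            return False
        if signer <= last:  # duplicate or unsorted signer is rejected
            return False
        last = signer
    return True


if __name__ == "__main__":
    sigs = process_and_sort(OWNERS, CANDIDATES)
    print([hex(s) for s, _ in sigs])
    # Two distinct owners signed, so a threshold of 2 is met.
    print(check_n_signatures(OWNERS, sigs, 2))
    # Appending the second 0x20 signature does not reach a threshold of 3.
    print(check_n_signatures(OWNERS, sigs + [(0x20, True)], 3))
```

In this model the threshold counts distinct owners, so a second valid signature from the same owner never changes the outcome of the check.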