Closed sherlock-admin3 closed 2 months ago
bareli
Medium
paymentReceiver should be payable.we are not checking that.
function createWallet( address[] calldata owners, uint256 threshold, InitializationScript.InitCall[] calldata initCalls ) external whenNotPaused returns (address) { address safe = proxyFactory.createProxyWithNonce( safeSingleton, abi.encodeWithSelector( ISafe.setup.selector, owners, threshold, initializationScript, // Contract with initialization logic abi.encodeWithSelector(InitializationScript.initialize.selector, rumpelModule, rumpelGuard, initCalls), // Add module and guard + initial calls compatibilityFallback, // fallbackHandler address(0), // paymentToken 0, // payment @> address(0) // paymentReceiver ), saltNonce[msg.sender]++ // For deterministic address generation );
paymentReceiver should b a payable address as we are sending tokens.
https://github.com/sherlock-audit/2024-07-sense-points-marketplace/blob/main/rumpel-wallet/src/RumpelWalletFactory.sol#L59
Manual Review
function createWallet( address[] calldata owners, uint256 threshold, InitializationScript.InitCall[] calldata initCalls ) external whenNotPaused returns (address) { address safe = proxyFactory.createProxyWithNonce( safeSingleton, abi.encodeWithSelector( ISafe.setup.selector, owners, threshold, initializationScript, // Contract with initialization logic abi.encodeWithSelector(InitializationScript.initialize.selector, rumpelModule, rumpelGuard, initCalls), // Add module and guard + initial calls compatibilityFallback, // fallbackHandler address(0), // paymentToken 0, // payment @!> payable( address(0) )// paymentReceiver ), saltNonce[msg.sender]++ // For deterministic address generation );
bareli
Medium
paymentReceiver should be a payable address
Summary
paymentReceiver should be payable.we are not checking that.
Vulnerability Detail
function createWallet( address[] calldata owners, uint256 threshold, InitializationScript.InitCall[] calldata initCalls ) external whenNotPaused returns (address) { address safe = proxyFactory.createProxyWithNonce( safeSingleton, abi.encodeWithSelector( ISafe.setup.selector, owners, threshold, initializationScript, // Contract with initialization logic abi.encodeWithSelector(InitializationScript.initialize.selector, rumpelModule, rumpelGuard, initCalls), // Add module and guard + initial calls compatibilityFallback, // fallbackHandler address(0), // paymentToken 0, // payment @> address(0) // paymentReceiver ), saltNonce[msg.sender]++ // For deterministic address generation );
Impact
paymentReceiver should b a payable address as we are sending tokens.
Code Snippet
https://github.com/sherlock-audit/2024-07-sense-points-marketplace/blob/main/rumpel-wallet/src/RumpelWalletFactory.sol#L59
Tool used
Manual Review
Recommendation
function createWallet( address[] calldata owners, uint256 threshold, InitializationScript.InitCall[] calldata initCalls ) external whenNotPaused returns (address) { address safe = proxyFactory.createProxyWithNonce( safeSingleton, abi.encodeWithSelector( ISafe.setup.selector, owners, threshold, initializationScript, // Contract with initialization logic abi.encodeWithSelector(InitializationScript.initialize.selector, rumpelModule, rumpelGuard, initCalls), // Add module and guard + initial calls compatibilityFallback, // fallbackHandler address(0), // paymentToken 0, // payment @!> payable( address(0) )// paymentReceiver ), saltNonce[msg.sender]++ // For deterministic address generation );