requireNextActiveMultisig() FUNCTION RETURNS ALWAYS THE ADDRESS OF THE FIRST ENABLE MULTISIG
#190
Labels
2 (Med Risk)
Assets not at direct risk, but function/availability of the protocol could be impacted or leak value
bug
Something isn't working
downgraded by judge
Judge downgraded the risk level of this issue
duplicate-702
satisfactory
satisfies C4 submission criteria; eligible for awards
Comments
code423n4
added
3 (High Risk)
C4-Staff
added a commit
that referenced
this issue
Jan 6, 2023
|
GalloDaSballo marked the issue as duplicate of #702 |
c4-judge
added
the
satisfactory
|
GalloDaSballo marked the issue as satisfactory |
c4-judge
added
2 (Med Risk)
|
GalloDaSballo changed the severity to 2 (Med Risk) |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Lines of code
https://github.com/code-423n4/2022-12-gogopool/blob/aec9928d8bdce8a5a4efe45f54c39d4fc7313731/contracts/contract/MultisigManager.sol#L80-L91
https://github.com/code-423n4/2022-12-gogopool/blob/aec9928d8bdce8a5a4efe45f54c39d4fc7313731/contracts/contract/MinipoolManager.sol#L236
Vulnerability details
MultisigManager.solfunctionrequireNextActiveMultisig()will always return the first enabled multisig address instead of the next one.Impact
Only the first registered multisig address is always assigned to a pool, making the rest of the registered multisig addresses useless. And therefore less decentralized.
Proof of Concept
https://github.com/code-423n4/2022-12-gogopool/blob/aec9928d8bdce8a5a4efe45f54c39d4fc7313731/contracts/contract/MinipoolManager.sol#L236
createMinipool()function onMiniPoolManager.solcallsmultisigManager.requireNextActiveMultisig()to assign a new multisig to the current pool.https://github.com/code-423n4/2022-12-gogopool/blob/aec9928d8bdce8a5a4efe45f54c39d4fc7313731/contracts/contract/MultisigManager.sol#L80-L91
But the
requireNextActiveMultisig()function onMultisigManager.solalways returns the first enabled multisig address, as it traverses all multisigs by index from0tocountand returns the first enabled one instead of the next one:Tools Used
vscode, Foundry
Recommended Mitigation Steps
If the protocol intends to get the next multisig address as the function name
requireNextActiveMultisig()says, a good fix would be to keep track of the last assigned multisig address onMinipoolManagerand start traversing all multi sig from that index instead of from position0.The text was updated successfully, but these errors were encountered: