Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

QA-01 MitigationConfirmed #15

Open
c4-bot-2 opened this issue Apr 10, 2024 · 3 comments
Open

QA-01 MitigationConfirmed #15

c4-bot-2 opened this issue Apr 10, 2024 · 3 comments
Labels
mitigation-confirmed MR-QA-01 satisfactory satisfies C4 submission criteria; eligible for awards

Comments

@c4-bot-2
Copy link
Contributor

Lines of code

Vulnerability details

https://github.com/code-423n4/2024-03-coinbase/blob/e0573369b865d47fed778de00a7b6df65ab1744e/src/SmartWallet/MultiOwnable.sol#L102

Issue Report

QA-01: All Smart Wallet funds will be lost if users remove all owners

Details

Issue#181

An oversight was found in removeOwnerAtIndex where all owners could be removed including the last owner. This presents a significant risk that can potentially lead to loss of funds if all owners loose access.

Mitigation

PR#43

  • The modified version of removeOwnerAtIndex now includes a check to ensure that the operation does not proceed if attempting to remove the last owner.

Loc:

function removeOwnerAtIndex(uint256 index, bytes calldata owner) external virtual onlyOwner {
        MultiOwnableStorage storage $ = _getMultiOwnableStorage();
        if ($.nextOwnerIndex - $.removedOwnersCount == 1) {
            revert LastOwner();
        }

        _removeOwnerAtIndex(index, owner);
    }
  • A function was added to be able to remove last owner to allow for revocation of last owner if need be.

Loc:

function removeLastOwner(uint256 index, bytes calldata owner) external virtual onlyOwner {
        MultiOwnableStorage storage $ = _getMultiOwnableStorage();
        uint256 ownersRemaining = $.nextOwnerIndex - $.removedOwnersCount;
        if (ownersRemaining > 1) {
            revert NotLastOwner(ownersRemaining);
        }

        _removeOwnerAtIndex(index, owner);
    }

Suggestion

The number 1 is used to check if there's only one owner left. While understandable, using magic numbers directly in code can be considered poor practice. Define a constant at the beginning of your contract to give context to this value.

uint256 private constant MIN_OWNERS = 1;

Conclusion

This fix succesfully mitigates the issue#181
c4-bot-7 added a commit that referenced this issue Apr 10, 2024
@c4-bot-7
cheatc0d3 issue #15
f91a774
@c4-judge
Copy link

3docSec marked the issue as satisfactory

@c4-judge c4-judge added the satisfactory satisfies C4 submission criteria; eligible for awards label Apr 11, 2024
@c4-judge
Copy link

3docSec marked the issue as confirmed for report

@c4-judge c4-judge added the confirmed for report This issue is confirmed for report label Apr 11, 2024
@c4-judge
Copy link

3docSec marked the issue as not confirmed for report

@c4-judge c4-judge removed the confirmed for report This issue is confirmed for report label Apr 14, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
mitigation-confirmed MR-QA-01 satisfactory satisfies C4 submission criteria; eligible for awards
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@c4-judge @c4-bot-2