QA-01 MitigationConfirmed #9
Labels: confirmed for report (this issue is confirmed for report), mitigation-confirmed, MR-QA-01, satisfactory (satisfies C4 submission criteria; eligible for awards)
Lines of code
Vulnerability details
Comments
The protocol's wallet owners have cross-chain methods to manage owners.
Vulnerability details
The root cause is in one of the owner-managing methods, which can remove all wallet owners, leaving wallet funds locked inside and also locking any other interaction with the wallet.
The method in question is removeOwnerAtIndex, which can remove all assigned wallet owners.
Mitigation
The issue is successfully remediated by applying the PR
The patch adds this check that prevents removeOwnerAtIndex from removing all owners. The variables nextOwnerIndex and removedOwnersCount used in the previous check are correctly accounted for.
Suggestions
Consider adding this newly added method named removeLastOwner to the list of cross chain callable methods for managing wallet owners.
Notes
The same PR also:
Conclusions
Successful Mitigation
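
A sketch of the kind of last-owner guard described above, added here as an illustration and not taken from the PR or the project's code. Only removeOwnerAtIndex, nextOwnerIndex and removedOwnersCount are names from the report; the storage layout, error names, constructor and access-control modifier are assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

/// Added illustration; layout, errors and onlyOwner are assumptions.
contract OwnerSetSketch {
    error Unauthorized();
    error AlreadyOwner();
    error NoOwnerAtIndex(uint256 index);
    error LastOwner();

    mapping(uint256 => bytes) public ownerAtIndex; // owners stored as abi.encode(address)
    mapping(bytes => bool) public isOwner;
    uint256 public nextOwnerIndex;     // slots ever assigned, never decremented
    uint256 public removedOwnersCount; // slots cleared so far

    constructor(bytes[] memory owners) {
        for (uint256 i; i < owners.length; i++) _add(owners[i]);
    }

    modifier onlyOwner() {
        if (!isOwner[abi.encode(msg.sender)]) revert Unauthorized();
        _;
    }

    function addOwner(bytes calldata owner) external onlyOwner { _add(owner); }

    /// Live owners = assigned slots minus removed slots.
    function ownerCount() public view returns (uint256) {
        return nextOwnerIndex - removedOwnersCount;
    }

    function removeOwnerAtIndex(uint256 index) external onlyOwner {
        // Guard: without it the final owner can be removed, after which
        // no caller passes onlyOwner and the wallet's funds are locked.
        if (ownerCount() == 1) revert LastOwner();

        bytes memory owner = ownerAtIndex[index];
        if (owner.length == 0) revert NoOwnerAtIndex(index);
        delete isOwner[owner];
        delete ownerAtIndex[index];
        removedOwnersCount++; // keeps ownerCount() accurate for the next call
    }

    function _add(bytes memory owner) internal {
        if (isOwner[owner]) revert AlreadyOwner();
        isOwner[owner] = true;
        ownerAtIndex[nextOwnerIndex++] = owner;
    }
}
```

The guard only holds if every removal path increments removedOwnersCount and every add path increments nextOwnerIndex, which is the accounting the review above confirms.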