Lines of code
<https://github.com/code-423n4/2023-07-axelar/blob/2f9b234bb8222d5fbe934beafede56bfb4522641/contracts/cgp/auth/MultisigBase.sol#L44-L77>
<https://github.com/code-423n4/2023-07-axelar/blob/2f9b234bb8222d5fbe934beafede56bfb4522641/contracts/cgp/auth/MultisigBase.sol#L159-L161>
<https://github.com/code-423n4/2023-07-axelar/blob/2f9b234bb8222d5fbe934beafede56bfb4522641/contracts/cgp/util/Caller.sol#L18>
Multisig's functionality is impaired when Signers#threshold is 1.
When Signers#threshold is 1, an individual signer can claim all the funds held by the Multisig without any other signer voting.
It is logical that at least 2 signers should have to vote, but this is not enforced anywhere in the MultisigBase contract.
I'll explain it with the following scenario:
Imagine Signers#threshold is 1 and the Multisig holds a balance of 1 ether.
A signer calls the function below. For the first argument he passes the address of his own contract, which can receive ether; for the second argument he passes the selector of a payable function in that contract, or leaves the calldata empty because the contract has a payable fallback; for the third argument he passes the Multisig's balance (or any amount of ether up to it):
    function execute(
        address target,
        bytes calldata callData,
        uint256 nativeValue
    ) external payable onlySigners {
        _call(target, callData, nativeValue);
    }
Execution enters the onlySigners modifier and all of its checks pass: the caller is a signer and, with the threshold set to 1, this single vote already meets the threshold.
Execution then enters the _call function (Caller.sol), which only checks that the contract holds enough balance and then transfers the funds to the target.
Tools used: Manual Review
Edit the threshold validation in MultisigBase#_rotateSigners so that a threshold below 2 is rejected:
    if (newThreshold < 2) revert InvalidSignerThreshold();
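The following is an added example, not the Axelar code from the repository: a simplified stand-in for MultisigBase that keeps the shape described in the scenario above (per-topic voting inside an onlySigners modifier, an execute() that forwards ether once the vote count reaches the threshold) and applies the recommended `newThreshold < 2` check in _rotateSigners. Contract names, error names, the ThresholdCheck harness and the signer addresses in it are all constructed for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.5;

// Added example: a simplified stand-in for MultisigBase, not the Axelar code.
// It keeps the shape of the finding's description (per-topic voting in an
// onlySigners modifier, an execute() that forwards ether) and applies the
// recommended `newThreshold < 2` check in _rotateSigners.
contract ThresholdMultisig {
    error InvalidSigners();
    error InvalidSignerThreshold();
    error NotSigner();
    error AlreadyVoted();
    error InsufficientBalance();
    error ExecutionFailed();

    address[] public accounts;
    mapping(address => bool) public isSigner;
    uint256 public threshold;

    // topic (keccak256 of the full calldata) => votes collected so far
    mapping(bytes32 => uint256) public voteCount;
    // topic => signer => whether that signer has already voted
    mapping(bytes32 => mapping(address => bool)) public hasVoted;

    constructor(address[] memory newAccounts, uint256 newThreshold) {
        _rotateSigners(newAccounts, newThreshold);
    }

    receive() external payable {}

    function _rotateSigners(address[] memory newAccounts, uint256 newThreshold) internal {
        for (uint256 i; i < accounts.length; ++i) {
            isSigner[accounts[i]] = false;
        }
        if (newThreshold > newAccounts.length) revert InvalidSigners();
        // The finding's mitigation: with threshold 1 a single signer's vote
        // satisfies onlySigners immediately, so require at least two votes.
        if (newThreshold < 2) revert InvalidSignerThreshold();
        for (uint256 i; i < newAccounts.length; ++i) {
            address account = newAccounts[i];
            if (account == address(0) || isSigner[account]) revert InvalidSigners();
            isSigner[account] = true;
        }
        accounts = newAccounts;
        threshold = newThreshold;
    }

    // Every call with identical calldata is a vote on the same topic; the
    // function body runs only when `threshold` distinct signers have voted.
    modifier onlySigners() {
        if (!isSigner[msg.sender]) revert NotSigner();
        bytes32 topic = keccak256(msg.data);
        if (hasVoted[topic][msg.sender]) revert AlreadyVoted();
        hasVoted[topic][msg.sender] = true;
        uint256 count = voteCount[topic] + 1;
        if (count < threshold) {
            voteCount[topic] = count; // not enough votes yet: record and stop
            return;
        }
        voteCount[topic] = 0; // threshold reached: reset tally, then execute
        for (uint256 i; i < accounts.length; ++i) {
            hasVoted[topic][accounts[i]] = false;
        }
        _;
    }

    function execute(address target, bytes calldata callData, uint256 nativeValue)
        external
        payable
        onlySigners
    {
        if (address(this).balance < nativeValue) revert InsufficientBalance();
        (bool success, ) = target.call{value: nativeValue}(callData);
        if (!success) revert ExecutionFailed();
    }
}

// Constructed check of the validation: deploying with threshold 1 must revert
// with InvalidSignerThreshold, while threshold 2 must deploy normally.
contract ThresholdCheck {
    function run() external returns (bool rejectsOne, bool acceptsTwo) {
        address[] memory accs = new address[](2);
        accs[0] = address(0x1111); // placeholder signer addresses
        accs[1] = address(0x2222);
        try new ThresholdMultisig(accs, 1) {
            rejectsOne = false;
        } catch (bytes memory reason) {
            rejectsOne = bytes4(reason) == ThresholdMultisig.InvalidSignerThreshold.selector;
        }
        try new ThresholdMultisig(accs, 2) returns (ThresholdMultisig m) {
            acceptsTwo = m.threshold() == 2;
        } catch {
            acceptsTwo = false;
        }
    }
}
```

With the check in place, ThresholdCheck.run() returns (true, true): the threshold-1 deployment is refused at construction, and on the threshold-2 instance a single signer's execute() call only records a vote and returns, so the transfer in the body cannot happen until a second, distinct signer submits the same calldata.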
Invalid Validation