Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
code423n4Code4renaCODE423N4:2023-08-ARBITRUM-FINDINGS-ISSUES-250
HistoryAug 10, 2023 - 12:00 a.m.

SecurityCouncilMemberSyncAction : perform function can be continually DOSed which will prevent the valid update the members of the gnosis safe

2023-08-1000:00:00
Code4rena
github.com
4
securitycouncil
dos attack
valid update
nonce value
authorized caller
updatedmembers
access control
JSON

Lines of code

Vulnerability details

Impact

The _securityCouncil update will be prevented by continuously calling the perform function. Since the function rely on the nonce value, this function can be continuously called and nonce value is updated.
This would prevent the valid security council update since the nonce is lesser than the input value.

Proof of Concept

As we can see the perform function is public and anyone can call this.

In order to execute the council update, the calculated nonce value should be greater than previous nonce value.

But, if the _securityCouncil is known, anyone can call with empty _updatedMembers array and update the nonce value.

So, valid update will be prevented due to this.

Tools Used

Manual review.

Recommended Mitigation Steps

Following methods are suggeted.

  1. Allow that this function would be called by the authorized caller.
  2. Ensure that the _updatedMembers is not empty.

Assessed type

Access Control

The text was updated successfully, but these errors were encountered:

All reactions

JSON