Code4rena finding: CODE423N4:2023-10-BRAHMA-FINDINGS-ISSUES-458
Oct 20, 2023

The WalletRegistry.sol#registerWallet() function can be used by anyone to register a wallet.

Lines of code

Vulnerability details

Impact

Anyone can call registerWallet(), which sets isWallet[msg.sender] to true for the caller. An attacker can therefore mark an arbitrary address as a registered wallet and then reach the other functions that trust the isWallet flag.

Proof of Concept

The comment on the registerWallet() function below states that it "can only be called by safe deployer or the wallet itself". However, the function contains no access control, so any address can call registerWallet() and set its own isWallet state.

    /**
     * @notice Registers a wallet
     * @dev Can only be called by safe deployer or the wallet itself
     */
    function registerWallet() external { // @audit anyone can call this function and set isWallet state.
        if (isWallet[msg.sender]) revert AlreadyRegistered();
        if (subAccountToWallet[msg.sender] != address(0)) revert IsSubAccount();
        isWallet[msg.sender] = true;
        emit RegisterWallet(msg.sender);
    }

Tools Used

Manual review of comments and implementation of the function.

Recommended Mitigation Steps

Add access control to the registerWallet() function so that only the safe deployer or the wallet itself can call it, as the function comment already requires.
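One way to enforce that restriction, written here as an added example rather than Brahma's own code: the registry trusts a single `safeDeployer` address (an assumed immutable set at construction), which either registers a wallet directly or vouches for it so that the wallet may register itself. The `registerWalletFor`, `authorizeWallet` and `pendingWallet` names are assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Added example, not Brahma's code. Registration is gated on an assumed trusted
// `safeDeployer`: it registers wallets directly, or pre-authorizes self-registration.
contract HardenedWalletRegistry {
    error AlreadyRegistered();
    error IsSubAccount();
    error InvalidSender();
    event RegisterWallet(address indexed wallet);

    address public immutable safeDeployer;
    mapping(address => bool) public isWallet;
    mapping(address => address) public subAccountToWallet;
    // Wallets the deployer has vouched for but that have not registered yet (assumed).
    mapping(address => bool) public pendingWallet;

    constructor(address _safeDeployer) {
        safeDeployer = _safeDeployer;
    }

    modifier onlySafeDeployer() {
        if (msg.sender != safeDeployer) revert InvalidSender();
        _;
    }

    // Path 1: the deployer names the wallet it just created.
    function registerWalletFor(address wallet) external onlySafeDeployer {
        _register(wallet);
    }

    // Deployer vouches for a wallet so that the wallet may register itself later.
    function authorizeWallet(address wallet) external onlySafeDeployer {
        pendingWallet[wallet] = true;
    }

    // Path 2: "the wallet itself" calls in, but only after the deployer vouched for it.
    function registerWallet() external {
        if (!pendingWallet[msg.sender]) revert InvalidSender();
        delete pendingWallet[msg.sender];
        _register(msg.sender);
    }

    function _register(address wallet) internal {
        if (isWallet[wallet]) revert AlreadyRegistered();
        if (subAccountToWallet[wallet] != address(0)) revert IsSubAccount();
        isWallet[wallet] = true;
        emit RegisterWallet(wallet);
    }
}
```

With this gate in place, an unrelated address calling registerWallet() reverts with InvalidSender instead of becoming a registered wallet.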

Assessed type

Access Control
