Anyone can register wallet allowing anyone to set the iswallet[msg.sender] to true for themselves allowing them to exploit other functions.
From the comment on the registerWallet() function below, the registerWallet() function Can only be called by safe deployer or the wallet itself. However, anyone can call the registerWallet() function to set the isWallet state as there is no access control.
/**
* @notice Registers a wallet
* @dev Can only be called by safe deployer or the wallet itself
*/
function registerWallet() external {//@audit anyone can call this function and set isWallet state.
if (isWallet[msg.sender]) revert AlreadyRegistered();
if (subAccountToWallet[msg.sender] != address(0)) revert IsSubAccount();
isWallet[msg.sender] = true;
emit RegisterWallet(msg.sender);
}
Manual review of comments and implementation of the function.
Add access control to the registerWallet() function to ensure that only safe deployer or the wallet itself can call the the function as mentioned in the function comment.
Access Control
The text was updated successfully, but these errors were encountered:
All reactions