3 matches found
M-03 Unmitigated
Lines of code Vulnerability details Impact The mitigation updates the following AmbireAccount.execute function by adding nonce++ in the scheduled != 0 && !isCancellation if block within the sigMode == SIGMODERECOVER || sigMode == SIGMODECANCEL if block. However, this does not fix M-03: Recovery...
It is possible that recovery transaction cannot be performed even if signer still controls address that is an address of recoveryInfo.keys
Lines of code Vulnerability details Impact When a signer's privileged address is compromised, this signer can call the following AmbireAccount.execute function with sigMode being SIGMODERECOVER by using a signature signed by an address of recoveryInfo.keys that is still controlled by such signer ...
Requirement for having timelocks on recovery transactions is not enforceable
Lines of code Vulnerability details Impact When calling the following AmbireAccount.execute function with sigMode being SIGMODERECOVER, a recovery transaction can be scheduled if requireprivilegessignerKeyToRecover == recoveryInfoHash, 'RECOVERYNOTAUTHORIZED' and requireisIn,...