Lucene search
K

10 matches found

Code423n4
Code423n4
added 2024/01/08 12:0 a.m.11 views

TRANSACTION EXECUTION IS DoS IN THE CROSS-CHAIN GOVERNANCE CONTRACTS AND IN THE GNOSIS SAFE COMMUNITY MULTISIG TRANSACTION CHECKS SINCE THE WRONG payload IS EXTRACTED FROM THE data BYTES ARRAY

Lines of code Vulnerability details Impact The GuardCM.verifyBridgedData function is used to verify the bridged data for authorized combinations of targets and selectors in the Gnosis Safe community multisig. The data payload is passed into the verifyBridgedData function which is then unpacked...

7.4AI score
Exploits0
Code423n4
Code423n4
added 2023/10/20 12:0 a.m.35 views

Cross-Chain Signature Replay Attack

Lines of code Vulnerability details Impact 1. User operations can be replayed on smart accounts accross different chains. This can lead to user's loosing funds or any unexpected behaviour that transaction replay attacks usually lead to. 2. Mistakes made on one chain can be re-applied to a new...

7.2AI score
Exploits0
Code423n4
Code423n4
added 2023/10/20 12:0 a.m.25 views

The same console addresses on other chains can be captured by compromised or malicious owner

Lines of code Vulnerability details Impact The same order of owners addresses lets generate the same console address on all chains. But any owner from the list can deploy console accounts on other chains with threshold parameter equals 1 and then change owners in these accounts, i.e. capture thes...

7AI score
Exploits0
Code423n4
Code423n4
added 2023/10/20 12:0 a.m.8 views

Lack of Input Validation on threshold and _owners

Lines of code Vulnerability details Impact Unvalidated inputs can lead to unexpected contract behaviors, including but not limited to, incorrect configurations, locked funds, or erroneous operations. In extreme cases, it could also lead to security vulnerabilities if malicious actors can exploit...

7.5AI score
Exploits0
Code423n4
Code423n4
added 2023/10/20 12:0 a.m.17 views

Executor can effectively bypass _checkSubAccountSecurityConfig by adding a new Module

Lines of code Vulnerability details Impact An Executor is an account authorized to perform module execution on a subAccount through the ExecutorPlugin. Gnosis Safe Modules manage to bypass the entire guard logic Safe 1.5 has that new guard hook, but there's also no hook logic done in Brahma. For...

7.5AI score
Exploits0
Code423n4
Code423n4
added 2023/10/20 12:0 a.m.9 views

Signed data may be usable cross-chain

Lines of code Vulnerability details Impact The function validatePreTransactionOverridable, which Validates a txn on guard before execution, for Brahma console accounts.takes one parameter "txParams" which is of type SafeTransactionParams Struct, if we look at that struct members : struct...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2023/10/20 12:0 a.m.34 views

Malicious Module can change the policy commit of a Gnosis Safe console Account

Lines of code Vulnerability details Impact The overall design of the Gnosis safe allows for the addition of a Module, modules are smart contracts that extend the ability of the Gnosis safe, which means that a module can be setup in such a way that it can perform actions that is meant to improve t...

7.3AI score
Exploits0
Code423n4
Code423n4
added 2023/01/09 12:0 a.m.13 views

Attacker can take control over each SmartAccount proxy and steal all users' funds

Lines of code Vulnerability details Attacker can take control over each SmartAccount proxy and steal all users' funds Impact All users' funds can be stolen by a single attacker tx gas cost only Proof of Concept There are 2 main reasons for this vulnerability: The .checkSignatures in...

7.2AI score
Exploits0
Code423n4
Code423n4
added 2022/10/21 12:0 a.m.10 views

Upgraded Q -> M from 696 [1666361742731]

Judge has assessed an item in Issue 696 as Medium risk. The relevant finding follows: L05 - Usage of trasfer over call to send Ether could cause unexpected Reverts payablepayAddress.transferpayAmt; // royalty transfer to royaltyaddress The function payEther sends ether via transfer which passes a...

6.7AI score
Exploits0
Code423n4
Code423n4
added 2022/06/18 12:0 a.m.11 views

Upgraded Q -> M from 270 [1655579826704]

Judge has assessed an item in Issue 270 as Medium risk. The relevant finding follows: Gas stipend for payable.send may be too low for contract wallets ETH withdrawals in both the minter and token contracts use payableaddress.send to transfer ether to the vault address. If the configured vault is ...

6.8AI score
Exploits0
Rows per page
Query Builder