Lucene search
K

4 matches found

Code423n4
Code423n4
added 2024/01/08 12:0 a.m.23 views

CM can delegatecall to any address and bypass all restrictions

Lines of code Vulnerability details Impact The GuardCM contract is designed to restrict the Community Multisig CM actions within the protocol to only specific contracts and methods. This is achieved by implementing a checkTransaction method, which is invoked by the CM GnosisSafe before every...

8.2AI score
Exploits0
Code423n4
Code423n4
added 2024/01/08 12:0 a.m.17 views

Pausing the GuardCM does not work because the governorCheckProposalId is never set

Lines of code Vulnerability details Impact Since the governorCheckProposalId of the proposal to check the activity of the governance is never set in GuardCM, the CM can never pause GuardCM, even if the governance is inactive. This will result in a stagnation of the protocol since no significant...

7.2AI score
Exploits0
Code423n4
Code423n4
added 2024/01/08 12:0 a.m.19 views

CM can exploit a pause in GuardCM to gain permanent unrestricted access

Lines of code Vulnerability details Impact The GuardCM contract is designed to restrict the Community Multisig CM actions within the protocol to only specific contracts and methods. Under specific circumstances, the protocol allows the guard to be paused, which temporarily pauses the guard and...

7.4AI score
Exploits0
Code423n4
Code423n4
added 2024/01/08 12:0 a.m.15 views

When unpausing the GuardCM, not setting governorCheckProposalId to 0 puts the assets of the protocol at risk

Lines of code Vulnerability details Impact If the GuardCM was paused once, the community multisig CM can pause it again without checking for the governances activity. This moves the power within the system from the governance to the CM and can, in the worst case, result in the lose of all funds o...

7.1AI score
Exploits0
Rows per page
Query Builder