There is no checking whether the ExecutorPlugin module has been activated or not on the sub-account, this can cause malfunctions if the user wants to execute tx via ExecutorPlugin

Lines of code Vulnerability details There is no checking whether the ExecutorPlugin module has been activated or not on the sub-account, this can cause malfunctions if the user wants to execute tx via ExecutorPlugin Impact Can cause malfunctions if the user wants to execute tx via ExecutorPlugin ...

check that the default consoleFallbackHandler and SafeModerator have not been changed after executing every transaction by the executors and the operator will always revert and freeze all the functionality of the sub account if the owners of console account have changed this addresses

Lines of code Vulnerability details Impact this vulnerability will lead to freeze all the functionality of the sub account and revert on all the transaction . Proof of Concept the main console is allowed to change the guard of the sub accounts and the fallback handler of the sub accounts , but if...

the operators of the sub account can execute any transaction(not restricted by policy ) to a 3rd party without going through the policy validation process by the trustedValidator

Lines of code Vulnerability details Impact this vulnerability will cause the tokens of the sub accounts to be stolen or perform any activity on the subAcoounts without the validation against the policy and will allow the operators to execute transactions that are not restricted by the policy of t...

Console account cannot execute a transaction on a sub account unless it registers itself as an executor

Lines of code Vulnerability details The Executor is an account authorized to make module transactions on a subAccount via ExecutorPlugin. The executor is assigned/registered by the subaccount created by the console account. But the console account itself cannot execute the transaction & is...

Resetting a sub-account's guard manually from the Main Console can potentially lead to a permanent denial of service (DoS) for that sub-account.

Lines of code Vulnerability details Impact If the Main Console resets the guard, resets the fallback handler, or disables itself as a module of a sub-account, the executors will permanently cease executing any transactions on that sub-account. And also if the Main Console resets the fallback...

New Relic: [Synthetics/Infrastructure/everything] Individual account permissions are not properly managed and inherited on sub accounts

I've been poking around with sub accounts since I exploited 219356 and gave myself access to New Relic pro features, and I found a few things that seem to be overlooked after the user management overhaul that happened about a few weeks ago. When you have a sub account on your account, you get thi...