Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

The minipools creation could be compromised if is not possible to register more multisigs and all of them are disabled #349

Closed
code423n4 opened this issue Dec 31, 2022 · 3 comments
Closed

The minipools creation could be compromised if is not possible to register more multisigs and all of them are disabled #349

code423n4 opened this issue Dec 31, 2022 · 3 comments
Labels
2 (Med Risk) Assets not at direct risk, but function/availability of the protocol could be impacted or leak value bug Something isn't working duplicate-521 satisfactory satisfies C4 submission criteria; eligible for awards sponsor duplicate Sponsor deemed duplicate

Comments

@code423n4
Copy link
Contributor

Lines of code

https://github.com/code-423n4/2022-12-gogopool/blob/aec9928d8bdce8a5a4efe45f54c39d4fc7313731/contracts/contract/MultisigManager.sol#L35
https://github.com/code-423n4/2022-12-gogopool/blob/aec9928d8bdce8a5a4efe45f54c39d4fc7313731/contracts/contract/MultisigManager.sol#L55
https://github.com/code-423n4/2022-12-gogopool/blob/aec9928d8bdce8a5a4efe45f54c39d4fc7313731/contracts/contract/MultisigManager.sol#L68

Vulnerability details

Impact

The MultisigManager.sol allows to register the multisigs that are valid for the Minipools administration. There is a limit for the registration.

If for some reason all the Multisig are disabled/compromised, it would not possible to add more multisig because the limit. The protocol can not create/enable more multisigs and is not possible to create minipools because there are not any enabled multisig.

All multisigs could be compromised and arises the necessity to register more multisigs in order to assign them for the minipool administration. It is an edge case but it is possible.

Proof of Concept

I did the next test:

  1. Register and enable multisigs in order to reach the limit
  2. Disable all the multisigs
  3. Register another multisig and the transaction will be reverted because the registration reach the limit
  4. It is not possible to create more multisigs and the protocol runs out of valid multisigs
function testMultisigLimitAfterDisableAllOfThem() public {
    // Unable to assign more multisig when all of them are disabled
    // 1. Register and enable multisigs and reach the limit
    // 2. Disable all the multisigs
    // 3. Register another multisig and the transaction will be reverted because
    // 	  the registration reach the limit
    uint256 count = multisigMgr.getCount();
    uint256 limit = multisigMgr.MULTISIG_LIMIT();
    //
    // 1. Register multisigs and reach the limit
    //
    vm.startPrank(guardian);
    for (uint256 i = 0; i < limit - count; i++) {
        address randomMultisig = randAddress();
        multisigMgr.registerMultisig(randomMultisig);
        multisigMgr.enableMultisig(randomMultisig);
    }
    assertEq(multisigMgr.getCount(), limit);
    vm.expectRevert(MultisigManager.MultisigLimitReached.selector);
    multisigMgr.registerMultisig(randAddress());
    //
    // 2. Disable all the multisigs
    //
    for (uint256 i = 0; i < limit - count; i++) {
        (address multisigAddress,) = multisigMgr.getMultisig(i);
        multisigMgr.disableMultisig(multisigAddress);
    }
    //
    // 3. Register another multisig and the transaction will be reverted because
    // the registration reach the limit
    //
    address randomMultisig = randAddress();
    vm.expectRevert(MultisigManager.MultisigLimitReached.selector);
    multisigMgr.registerMultisig(randomMultisig);
    vm.stopPrank();
}

Tools used

Foundry/VsCode

Recommended Mitigation Steps

Count only the validated/enabled multisigs in order to control the limit.
@code423n4 code423n4 added 2 (Med Risk) Assets not at direct risk, but function/availability of the protocol could be impacted or leak value bug Something isn't working labels Dec 31, 2022
code423n4 added a commit that referenced this issue Dec 31, 2022
@code423n4
0xbepresent issue #349
b79527c
C4-Staff added a commit that referenced this issue Jan 6, 2023
@C4-Staff
original risk added for issue #349
68a91bc
@0xju1ie
Copy link

0xju1ie commented Jan 19, 2023

dupe of #521

@0xju1ie 0xju1ie mentioned this issue Jan 19, 2023
Open
@0xju1ie 0xju1ie added the sponsor duplicate Sponsor deemed duplicate label Jan 19, 2023
@c4-judge
Copy link
Contributor

GalloDaSballo marked the issue as duplicate of #521

@c4-judge c4-judge added the satisfactory satisfies C4 submission criteria; eligible for awards label Feb 8, 2023
@c4-judge
Copy link
Contributor

c4-judge commented Feb 8, 2023

GalloDaSballo marked the issue as satisfactory

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
2 (Med Risk) Assets not at direct risk, but function/availability of the protocol could be impacted or leak value bug Something isn't working duplicate-521 satisfactory satisfies C4 submission criteria; eligible for awards sponsor duplicate Sponsor deemed duplicate
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@0xju1ie @code423n4 @c4-judge