Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

QA-01 MitigationConfirmed #4

Open
c4-bot-2 opened this issue Apr 10, 2024 · 1 comment
Open

QA-01 MitigationConfirmed #4

c4-bot-2 opened this issue Apr 10, 2024 · 1 comment
Labels
mitigation-confirmed MR-QA-01 satisfactory satisfies C4 submission criteria; eligible for awards

Comments

@c4-bot-2
Copy link
Contributor

Lines of code

Vulnerability details

Comments

In the original MultiOwnable implementation there was no check to stop a user accidentally removing the last owner of an account, which would lead to the account being permanently inaccessible and any funds it held being locked.

Mitigation

To mitigate this, the function removeOwnerAtIndex now reverts if the index passed to it contains the last active owner. Additionally a removeLastOwner function has been added to allow users to still remove the accounts last owner if that is indeed their intention.

Conclusion

The mitigations made should indeed make it impossible for a user to mistakenly remove an account's last owner via removeOwnerAtIndex.
c4-bot-1 added a commit that referenced this issue Apr 10, 2024
@c4-bot-1
McToady issue #4
fb95da3
@c4-judge
Copy link

3docSec marked the issue as satisfactory

@c4-judge c4-judge added the satisfactory satisfies C4 submission criteria; eligible for awards label Apr 11, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
mitigation-confirmed MR-QA-01 satisfactory satisfies C4 submission criteria; eligible for awards
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@c4-judge @c4-bot-2