A Safe that has been created using version 1.4.0 or later will not be compatible with Brahma

medium · Code4rena

Lines of code

https://github.com/code-423n4/2023-10-brahma/blob/main/contracts/src/core/SafeModeratorOverridable.sol#L16

Vulnerability details

Impact

Safes created outside of the Brahma ecosystem should be able to integrate seamlessly into Brahma. Such a Safe should call WalletRegistry.registerWallet to register. After registration, the Safe will be a consoleAccount and should be able to use the same functionality that all the other consoleAccounts have.

However, Safes that have been created using version 1.4.0 or later are not fully compatible with Brahma. This is because version 1.4.0 added IERC165 support to GuardManager.sol. This is the code added:

diff
+ if (guard != address(0)) { + require(Guard(guard).supportsInterface(type(Guard).interfaceId), "GS300"); + }
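
Review bot: the `supportsInterface` call inside the added `require` is a plain external call on whatever address is passed as `guard`, so a guard that has no `supportsInterface` function and no fallback makes the call itself revert, and the "GS300" reason is only produced when the function exists and returns false. It would help to document next to this check that guards written before it must add EIP-165 support before they can be set, since the `address(0)` case is the only one that skips it.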

This means that every Safe that has been created using Safe's contract version 1.4.0 and up can only add guards that support the EIP-165 interface, as stated in the CHANGELOG.md.

Proof of Concept

Consider the following:

  • Alice has a Safe set up.
  • Alice wants to integrate her Safe into the Brahma ecosystem.
  • Alice calls WalletRegistry.registerWallet; this call succeeds.
  • Alice decides she wants to use the guard contract provided by the Brahma ecosystem, SafeModeratorOverridable.sol.
  • Alice calls GnosisSafe.setGuard(address(SafeModeratorOverridable)).
  • This will fail because of this new require statement in Safe contracts v1.4.0 or later:

```solidity
function setGuard(address guard) external authorized {
    if (guard != address(0)) {
        // Reverts unless the guard reports support for the Guard interface via EIP-165
        require(Guard(guard).supportsInterface(type(Guard).interfaceId), "GS300");
    }
    // ... remainder of setGuard not shown in the report
}
```

because SafeModeratorOverridable.sol does not support the EIP-165 interface:

```solidity
// source: contracts/src/core/SafeModeratorOverridable.sol
contract SafeModeratorOverridable is AddressProviderService, IGuard {
    // ... contract body not shown in the report
}
```

This means that no Safe created with version 1.4.0 or up can use the guard contract, which is a fundamental part of the way the ConsoleAccounts function.

Tools Used

Manual Review

Recommended Mitigation Steps

Add support for the EIP-165 interface or update the Safe contracts used in Brahma from 1.3.0 to the most recent version.
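
A sketch of the first option (adding EIP-165 support), together with a pre-flight check that mirrors the `setGuard` requirement without reverting. This is an added example, not Brahma's or Safe's code: `ERC165Guard`, `GuardCompat` and `passesSetGuardCheck` are hypothetical names, the interfaces are redeclared inline, and `IGuard` is assumed to declare the same two functions as Safe's `Guard` so that the interface ids match.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;

// Added example, not Brahma's or Safe's code. Interfaces are redeclared inline so
// the file compiles alone; ERC165Guard and GuardCompat are hypothetical names.

interface IERC165 {
    function supportsInterface(bytes4 interfaceId) external view returns (bool);
}

// ABI-encodes as uint8, like the Enum.Operation type used by Safe.
enum Operation { Call, DelegateCall }

// Assumption: same two functions as Safe's Guard, so type(IGuard).interfaceId
// equals the id that setGuard queries for.
interface IGuard {
    function checkTransaction(
        address to, uint256 value, bytes memory data, Operation operation,
        uint256 safeTxGas, uint256 baseGas, uint256 gasPrice, address gasToken,
        address payable refundReceiver, bytes memory signatures, address msgSender
    ) external;
    function checkAfterExecution(bytes32 txHash, bool success) external;
}

// Mitigation: a base contract that answers the EIP-165 query made in setGuard.
abstract contract ERC165Guard is IGuard, IERC165 {
    function supportsInterface(bytes4 interfaceId) external view virtual override returns (bool) {
        return interfaceId == type(IGuard).interfaceId || interfaceId == type(IERC165).interfaceId;
    }
}

// Pre-flight check: would a Safe >= 1.4.0 accept `guard` in setGuard?
library GuardCompat {
    function passesSetGuardCheck(address guard) internal view returns (bool) {
        if (guard == address(0)) return true; // clearing the guard skips the check
        // Low-level staticcall so a guard without supportsInterface yields false
        // instead of reverting the caller.
        (bool ok, bytes memory ret) = guard.staticcall(
            abi.encodeWithSelector(IERC165.supportsInterface.selector, type(IGuard).interfaceId)
        );
        return ok && ret.length == 32 && abi.decode(ret, (uint256)) == 1;
    }
}
```

A guard that inherits `ERC165Guard` passes the check; one that only implements `IGuard`, as the report describes for SafeModeratorOverridable, does not.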

Assessed type

Context