Skip to content

Latest commit

 

History

History
51 lines (28 loc) · 2.06 KB

File metadata and controls

51 lines (28 loc) · 2.06 KB

Fit White Dog

Medium

Incorrect Threshold Validation Logic Potentially Blocks Valid Configurations

Summary

The threshold validation logic where it incorrectly validates the threshold against required signatures using an equality check (!=) instead of checking if the threshold is too low (<). This causes the contract to revert valid threshold configurations that are higher than the minimum required signatures.

Vulnerability Detail

code location:

https://github.com/sherlock-audit/2024-11-hats-protocol/blob/main/hats-zodiac/src/HatsSignerGate.sol#L487

The affected code is responsible for validating the threshold setting in the Safe contract. The threshold determines the number of owner signatures required to execute transactions.

The current implementation contains the following issues:

  1. Comments specify checking for lower thresholds
  2. Implementation rejects higher thresholds
  3. Logic contradicts documented behavior
  4. Should use < (less than) operator
  5. Current logic rejects valid higher thresholds

Code Snippet

https://github.com/sherlock-audit/2024-11-hats-protocol/blob/main/hats-zodiac/src/HatsSignerGate.sol#L483-L486

Tool used

Manual Review

Impact

Unnecessary Reverts

Current Behavior: The contract currently uses != to check if the threshold equals the required number of valid signatures. This results in a revert if the threshold is either lower or higher than the required number of valid signatures.

Expected Behavior: The contract should only revert if the threshold is lower than the required valid signatures. It should allow a higher threshold since that would still be a valid, stricter configuration.

Instance: If there are 3 owners and the required valid signatures are 2, the contract should allow a threshold of 2 or higher (3, for example). However, the current logic incorrectly reverts when the threshold is set to 3.

Mitigation

Update the Validation Logic: Replace the != operator with < to enforce the correct threshold validation: if (threshold < _getRequiredValidSignatures(owners.length)) revert ThresholdTooLow();