H-01 MitigationConfirmed

[c4-bot-3]

Lines of code

Vulnerability details

Original Issue Summary

• H-01: Withdrawals can be locked forever if recipient is a contract

In the original issue, due to a combination of the usage of transfer and the usage of a two-step withdrawal process, people who used multisig would be able to complete the first step of the two-step withdrawal process, but they would not be able to complete the second step of the two-step withdrawal process, leading to funds lost.

Mitigation

• Mitigation H-01

This mitigation proposes the usage of call() instead of transfer() and checks if the call() returns a true value.

-            payable(msg.sender).transfer(_withdrawRequest.amountToRedeem);
+            (bool success, ) = payable(msg.sender).call{ value: _withdrawRequest.amountToRedeem }(
+                ""
+            );
+            if (!success) revert TransferFailed();

Comments

This mitigation succesfully mitigates the original issue - usage of call() will forward all available gas, which would prevent a lockup like in the original issue.

Suggestions

If this has not been done already, add documentation telling users to be extra careful when using multisigs. Even though this mitigation mitigates the original issue, Safe multisigs are complex and not one-size fits all. Safe multisigs can have different Guards/Modules that change the inner-workings of a Safe multisig, so it would be good to give the multisig users a heads-up.

Conclusion

LGTM

[c4-judge]

alcueca marked the issue as satisfactory