Platform: Code4rena
Start Date: 14/03/2024
Pot Size: $49,000 USDC
Total HM: 3
Participants: 51
Period: 7 days
Judge: 3docSec
Id: 350
League: ETH
Rank: 27/51
Findings: 1
Award: $36.34
🌟 Selected for report: 0
🚀 Solo Findings: 0
🌟 Selected for report: 0xmystery
Also found by: 0xbrett8571, 0xhacksmithh, 7ashraf, Bigsam, Circolors, IceBear, Jorgect, Koala, Limbooo, SBSecurity, Tigerfrake, ZanyBonzy, aycozynfada, cheatc0d3, cryptphi, d3e4, doublespending, foxb868, gpersoon, imare, jesjupyter, lsaudit, robriks, shealtielanz, y4y
36.3397 USDC - $36.34
https://github.com/code-423n4/2024-03-coinbase/blob/main/src/SmartWallet/MultiOwnable.sol#L102-L110
Any owner can delete all owners by repeatedly calling removeOwnerAtIndex().
Once all owners are removed the CoinbaseSmartWallet can't be used anymore and is bricked.
Repeatedly call removeOwnerAtIndex()
Manual review
Consider checking at least one owner is left (e.g. don't allow the last owner to be removed) Alternatively don't allow any owner to remove himself.
Governance
#0 - c4-pre-sort
2024-03-21T22:02:05Z
raymondfam marked the issue as insufficient quality report
#1 - raymondfam
2024-03-21T22:03:14Z
Inadequate description of the issue.
#2 - c4-pre-sort
2024-03-21T22:33:07Z
raymondfam marked the issue as duplicate of #18
#3 - c4-pre-sort
2024-03-22T22:32:13Z
raymondfam marked the issue as duplicate of #22
#4 - c4-pre-sort
2024-03-24T14:46:45Z
raymondfam marked the issue as duplicate of #181
#5 - c4-judge
2024-03-27T09:17:29Z
3docSec marked the issue as satisfactory
#6 - c4-judge
2024-03-27T18:01:27Z
3docSec changed the severity to QA (Quality Assurance)