Deploying HSG with an already existing Safe can break protocol invariants and brick the HSG

Summary

In the setUp() function there are no checks to ensure that the Safe being pointed to has the HSG contract enabled as the only module. As a result, the protocol invariant of 'There should never be more than 1 module enabled on the safe' may be violated. If the Safe has more than one module, then functionality will be bricked (signers will not be able to execute transactions) due to the state check failing. Since the HSG can't point itself to another Safe, the HSG contract will be rendered useless.

Root Cause

See above.

Internal pre-conditions

HSG is setup with an already existing Safe that has a module enabled (which is not the HSG).

External pre-conditions

No response

Attack Path

See summary.

Impact

Signers can't execute any Safe transactions until the HSG detaches itself from the Safe. The HSG is bricked.

PoC

No response

Mitigation

Add checks to ensure that the Safe being pointed to in setUp() does not break protocol invariants.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

010.md

010.md

Deploying HSG with an already existing Safe can break protocol invariants and brick the HSG

Summary

Root Cause

Internal pre-conditions

External pre-conditions

Attack Path

Impact

PoC

Mitigation

Files

010.md

Latest commit

History

010.md

File metadata and controls

Deploying HSG with an already existing Safe can break protocol invariants and brick the HSG

Summary

Root Cause

Internal pre-conditions

External pre-conditions

Attack Path

Impact

PoC

Mitigation