Helpful Peach Caribou
Medium
The `HatsSignerGate` contract does not implement a mechanism to unlock the contract once it is locked.
## Vulnerability Details
The vulnerabilities that arise are as follows:
- If the owner locks the contract for any purpose, such as to disable a specific function, it cannot be unlocked later because no unlocking mechanism has been implemented.
- If the contract is locked for any purpose or function, the `migrateToNewHSG` function will also be locked, making migration to a new HSG impossible, because the `migrateToNewHSG` function checks whether the contract is locked.
Once the contract is locked, it can never be unlocked, and migration to another HSG is also no longer possible.
Implement a new unlock function in the contract.
`locked` is a global storage variable already defined in the contract.
Make the following changes in the `HatsSignerGate` contract:
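```solidity
// Owner-only entry point that clears the lock.
function unLock() public {
    _checkOwner();
    _unlock();
}

// Resets the existing `locked` storage flag and emits an event for off-chain monitoring.
function _unlock() internal {
    locked = false;
    emit HSGunLocked();
}
```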
And in the `IHatsSignerGate` interface:
```solidity
event HSGunLocked();
```