Puny Grey Seal
High
The current implementation of the claimSigner and _addSigner functions allows a signer to re-register multiple times with the same hat, potentially manipulating the threshold for Safe owners.
!The issue is that while the function allows for re-registration when _allowReregistration is set to true, there's no check to prevent a signer from reregistering the same hat, which could indeed lead to undesirable behavior—like inflating the number of signers and unnecessarily updating the threshold.
The issue arises because the system allows re-registration of signers with _allowReregistration set to true without checking whether the signer is already registered. As a result, the signer can continuously reregister, leading to unnecessary changes in the ownership threshold (newThreshold) each time a new signer is added.
https://github.com/sherlock-audit/2024-11-hats-protocol/blob/main/hats-zodiac/src/HatsSignerGate.sol#L206-L212 _addSigner.
Threshold Update Logic: The _getNewThreshold function adjusts the threshold each time a new owner is added. If a signer keeps re-registering, the threshold keeps getting updated, potentially reducing the quorum required for valid signatures.
No response
No response
Initial Condition: An attacker registers a signer by calling the claimSigner function, which allows them to add themselves as a signer.
Reregistration Process: The attacker can then repeatedly call claimSigner with _allowReregistration set to true. Since no check exists to verify if the address is already registered, the signer can reregister and trigger threshold updates each time.
Threshold Manipulation: Each reregistration causes the system to update the ownership threshold, lowering the number of required valid signers for approval. This gives the attacker the ability to bypass governance or consensus mechanisms and gain control over critical decisions within the Safe.
Exploitation: By inflating the number of owners (via multiple reregistrations), the attacker can reduce the quorum required for transaction approvals. This enables them to potentially manipulate or approve malicious transactions without sufficient checks and balances.
A member of the hat can repeatedly reregister as a signer, causing the threshold to be updated each time. This manipulation allows the attacker to increase the number of signers, effectively lowering the quorum required for approval. As a result, the attacker can influence the system by making it easier for certain votes or transactions to fail, simply by continually updating the threshold with each reregistration.
No response
add a check if the address is already registered and if he is dont update threshold + 1