ton-blockchain/multisig-contract-v2

Subject: Identification of Critical Issues in Multisig 2.0 Contract

Andresouza6 opened this issue · 2 comments

Greetings!

I hope this message finds you well. I would like to share my findings regarding potential critical flaws in the Multisig 2.0 smart contract.

Vulnerability in the Order Execution Function:
During my analysis of the source code, I came across a potentially serious flaw in the order execution function of the Multisig 2.0 contract. The choice of the parameter threshold = 1 may allow an attacker to collect funds from all parties involved in a multisig wallet and transfer them to their own wallet with just one transaction confirmation. This poses a significant risk of asset loss for all wallet participants. I suggest carefully reviewing this parameter and considering a more robust configuration to protect user funds.

Access Control Fragility:
During my analysis of the contract structure, I identified areas where access control could be improved. Certain permissions granted may expose funds held by the contract to unnecessary risks. I recommend a thorough review of access policies and the implementation of stricter measures to protect participant assets.

Necessary Audit:
It is essential to conduct a comprehensive audit of the Multisig 2.0 contract to identify and address any additional vulnerabilities. A thorough audit is crucial to ensuring the security and reliability of the contract, thereby safeguarding user interests.

I am committed to contributing to the enhancement of the Multisig 2.0 contract's security. Thank you for the opportunity to share my findings, and I am available to provide further information if needed.

With all due respect,

Telegram Contact: @Admfocus

Name: André Souza
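To make the threshold point concrete for readers of this thread, here is a small k-of-n approval model written for this page. It is an added example, not code from ton-blockchain/multisig-contract-v2, and the names `Multisig`, `Order`, `approve` and `config_warnings` are hypothetical and do not mirror the FunC contract's actual interface. It shows that with `threshold = 1` a single signer's approval is sufficient to execute an order, while `threshold >= 2` requires distinct signers, and it includes the kind of configuration check a deployer (or documentation) could recommend before funding a wallet.

```python
"""Hypothetical k-of-n multisig approval model (added example, not the
project's FunC contract). Used only to illustrate what the threshold
parameter controls and why threshold=1 deserves a deployment-time warning."""
from dataclasses import dataclass, field


@dataclass
class Order:
    order_id: int
    approvals: set = field(default_factory=set)  # distinct signers who approved
    executed: bool = False


@dataclass
class Multisig:
    signers: frozenset          # public keys / addresses allowed to approve
    threshold: int              # approvals required before execution
    orders: dict = field(default_factory=dict)

    def approve(self, order_id: int, signer: str) -> bool:
        """Record one signer's approval; return True once the order executes.

        Approvals are a set, so the same signer approving twice still counts
        as one approval (a naive counter would let one key reach any threshold).
        """
        if signer not in self.signers:
            raise PermissionError(f"{signer!r} is not a signer of this wallet")
        order = self.orders.setdefault(order_id, Order(order_id))
        if order.executed:
            return True
        order.approvals.add(signer)
        if len(order.approvals) >= self.threshold:
            order.executed = True
        return order.executed


def config_warnings(signers, threshold: int) -> list:
    """Flag weak or unusable multisig configurations before deployment."""
    n = len(set(signers))
    warnings = []
    if threshold < 1 or threshold > n:
        warnings.append(
            f"threshold={threshold} is outside 1..{n}; orders can never or always execute")
    if threshold == 1 and n > 1:
        warnings.append(
            "threshold=1: any single signer can execute orders alone, "
            "so the wallet offers no multi-party protection")
    if threshold == n and n > 1:
        warnings.append(
            f"threshold={n} equals the signer count: losing any one key locks the wallet")
    return warnings


def demo():
    """Return (executed_with_threshold_1, executed_after_one_sig_at_threshold_2)."""
    signers = frozenset({"alice", "bob", "carol"})
    weak = Multisig(signers, threshold=1)
    strong = Multisig(signers, threshold=2)
    return weak.approve(1, "alice"), strong.approve(1, "alice")


if __name__ == "__main__":
    print("threshold=1, one approval executes:", demo()[0])
    print("threshold=2, one approval executes:", demo()[1])
    for w in config_warnings(["alice", "bob", "carol"], 1):
        print("warning:", w)
```

The maintainer's reply below is consistent with this model: a threshold of 1 is a valid parameter choice rather than a defect in the contract code, so the useful mitigation is a documented recommendation (and, where possible, a deployment-time check like `config_warnings`) rather than a change to the execution logic.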

Well, that is out of scope for FunC code. That it should be mentioned in docs, I agree.

ChatGPT, ban