Orbiting Magenta Nuthatch
Medium
Malicious actor will block valid threshold configurations for Safe owners through incorrect validation
The incorrect exact-match check in the threshold validation will cause transaction reverts for valid configurations, because the HatsSignerGate contract will reject any threshold that does not exactly equal the required number of valid signatures, including thresholds that are higher and therefore valid.
In HatsSignerGate.sol:487, the threshold validation uses an incorrect exact-match check (!=) instead of the proper "less than" comparison (<).
- Contract needs to be deployed with Safe multisig integration
- Safe contract needs to have multiple owners configured
- valid signatures need to be set through _getRequiredValidSignatures()
None, as this is an internal logic issue.
- Admin attempts to set a threshold higher than the minimum required signatures
- Contract calls _getRequiredValidSignatures() to determine minimum required signatures
- Contract compares threshold using != operator
- Transaction reverts because the threshold does not exactly match the required signatures, even though it is higher and therefore valid
The Safe contract owners cannot configure higher security thresholds than the minimum required. This prevents legitimate use cases where owners want to require more signatures than the minimum for additional security. While this doesn't result in direct financial loss, it reduces the flexibility and security options available to Safe owners. Specific examples:
- With 5 owners and minimum required signatures of 3, setting a threshold of 4 or 5 would fail
- Safe owners cannot implement stricter security policies even when all owners agree
No response
Replace the exact-match check with a "less than" comparison:
// After
if (threshold < _getRequiredValidSignatures(owners.length)) revert ThresholdTooLow();
This change ensures that:
- Thresholds below the required minimum are rejected
- Thresholds equal to or higher than the required minimum are accepted
- The code behavior matches the documented expectations in the comments
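The acceptance sets produced by the two checks, as an added Python model of the validation described in the attack path and mitigation above (not code from the HatsSignerGate project). The helper required_valid_signatures is a hypothetical stand-in for _getRequiredValidSignatures, whose real derivation is not reproduced here; the owner count and minimum are constructed sample values.

```python
# Added example: model of the threshold check before and after the proposed fix.
# required_valid_signatures is a hypothetical stand-in; the real HatsSignerGate
# logic for deriving the minimum number of valid signatures is not reproduced.

def required_valid_signatures(num_owners: int, min_threshold: int) -> int:
    """Hypothetical stand-in: the configured minimum, capped by the owner count."""
    return min(min_threshold, num_owners)


def check_threshold_buggy(threshold: int, num_owners: int, min_threshold: int) -> bool:
    # Mirrors the reported `!=` check: only an exact match avoids the revert.
    return threshold == required_valid_signatures(num_owners, min_threshold)


def check_threshold_fixed(threshold: int, num_owners: int, min_threshold: int) -> bool:
    # Mirrors the proposed `<` check: revert only when below the minimum.
    return not (threshold < required_valid_signatures(num_owners, min_threshold))


def accepted_thresholds(check, num_owners: int, min_threshold: int) -> list:
    # Safe itself rejects thresholds above the owner count, so 1..num_owners
    # is the full space of thresholds an admin could attempt to set.
    return [t for t in range(1, num_owners + 1) if check(t, num_owners, min_threshold)]


def fixed_check_matches_spec(max_owners: int = 10) -> bool:
    # Property over all small configurations: the fixed check accepts exactly
    # the thresholds from the required minimum up to the owner count.
    for owners in range(1, max_owners + 1):
        for minimum in range(1, max_owners + 1):
            expected = list(range(required_valid_signatures(owners, minimum), owners + 1))
            if accepted_thresholds(check_threshold_fixed, owners, minimum) != expected:
                return False
    return True


if __name__ == "__main__":
    # Constructed sample: 5 owners, minimum required signatures of 3.
    print("buggy accepts:", accepted_thresholds(check_threshold_buggy, 5, 3))  # [3]
    print("fixed accepts:", accepted_thresholds(check_threshold_fixed, 5, 3))  # [3, 4, 5]
    print("fixed check matches spec:", fixed_check_matches_spec())
```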