Puny Grey Seal
High
The current implementation does not update the minimum and target threshold values when new signers are added. As a result, the quorum requirement may not adjust as expected with the increasing number of signers, potentially enabling an attacker to manipulate the system by adding signers without appropriately adjusting the voting thresholds. !The states of min and target do not update after new register
The logic in the _addSigner function allows new signers to be added but does not account for dynamically updating the minimum and target threshold values in relation to the total number of owners or signers. This oversight leaves the threshold values static, which prevents the system from correctly adjusting the quorum requirements as the number of signers grows. Specifically, while the function calculates a new threshold based on the number of owners, it does not update the threshold configuration (min and target) itself.
No response
No response
Malicious Signer Registration: An attacker could register multiple signer addresses, inflating the number of signers in the system.
Threshold Bypass: Since the minimum and target threshold values are not updated dynamically when new signers are added, the attacker can add signers without increasing the quorum requirement (i.e., the number of valid signatures required). This allows the attacker to bypass quorum requirements, making it easier to manipulate voting outcomes or approve malicious transactions.
An attacker could manipulate the system by adding multiple signers, diluting the quorum requirement, and reducing the difficulty of passing malicious transactions. This creates a situation where the voting process can be dominated by a single party or group, effectively bypassing the intended security mechanisms. The states of min and target do not update after new register
No response
No response