Skip to content

Commit d3abbbd

Browse files
alcuecaalcueca
authored
Address potential reentrancy vector on LivenessModule2 (#17975)
* Moved `delete challengeStartTime[_safe]` up * I though pre-pr did this * Version and semver-lock fix * minor version bump
1 parent e395e0a commit d3abbbd

File tree

3 files changed

+7
-7
lines changed

3 files changed

+7
-7
lines changed

packages/contracts-bedrock/snapshots/semver-lock.json

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -208,8 +208,8 @@
208208
"sourceCodeHash": "0x7fc4789b082bc8ecd29c4c75a06058f0ff0b72f1c1028a42db6f1c35269c8865"
209209
},
210210
"src/safe/SaferSafes.sol:SaferSafes": {
211-
"initCodeHash": "0xc546c21b73dce6c0b04ab5ddca56f61f648e26fc8345d0dcf160d94767dc4af6",
212-
"sourceCodeHash": "0x22d773a7d6cc981b374b7cdc823e418293e0a82714757cac1ebb6079b2f9650b"
211+
"initCodeHash": "0x54eb5d9d4dd6c7a6ac5c223c7e166cf30e93e11acb8caefab73eac596dba5af7",
212+
"sourceCodeHash": "0xeb7745b3f5626573d1e935affbbb0e6b455e729f1d8b2da84ab0d5a46f848377"
213213
},
214214
"src/universal/OptimismMintableERC20.sol:OptimismMintableERC20": {
215215
"initCodeHash": "0x3c85eed0d017dca8eda6396aa842ddc12492587b061e8c756a8d32c4610a9658",

packages/contracts-bedrock/src/safe/LivenessModule2.sol

Lines changed: 3 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -264,6 +264,9 @@ abstract contract LivenessModule2 {
264264
revert LivenessModule2_ResponsePeriodActive();
265265
}
266266

267+
// Reset the challenge state to allow a new challenge
268+
delete challengeStartTime[_safe];
269+
267270
// Get current owners
268271
address[] memory owners = _safe.getOwners();
269272

@@ -296,9 +299,6 @@ abstract contract LivenessModule2 {
296299
revert LivenessModule2_OwnershipTransferFailed();
297300
}
298301

299-
// Reset the challenge state to allow a new challenge
300-
delete challengeStartTime[_safe];
301-
302302
// Disable the guard
303303
// Note that this will remove whichever guard is currently set on the Safe,
304304
// even if it is not the SaferSafes guard. This is intentional, as it is possible that the guard

packages/contracts-bedrock/src/safe/SaferSafes.sol

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -22,8 +22,8 @@ import { ISemver } from "interfaces/universal/ISemver.sol";
2222
/// functionality is not desired, then there is no need to enable or configure it.
2323
contract SaferSafes is LivenessModule2, TimelockGuard, ISemver {
2424
/// @notice Semantic version.
25-
/// @custom:semver 1.4.0
26-
string public constant version = "1.4.0";
25+
/// @custom:semver 1.5.0
26+
string public constant version = "1.5.0";
2727

2828
/// @notice Error for when the liveness response period is insufficient.
2929
error SaferSafes_InsufficientLivenessResponsePeriod();

0 commit comments

Comments
 (0)