Multis

Off-Chain (Private)
Audited on 2020/04/30
No active critical issues

Summary

Overall, the code is well-written; however, we found a few low-risk issues. We recommend addressing them and/or considering the consequences of ignoring them. **We strongly recommend testing the contracts on Istanbul mainnet to ensure that the contracts work as intended.** Although our audit focused on the fork diff vs the Gnosis implementation [commit 95d51ae](https://github.com/gnosis/MultiSigWallet/commit/95d51ae89ddec56859720fbb28cfe9d6732a26cf), we reviewed the whole codebase. We also assumed that the OpenZeppelin contracts in use had been audited and, if necessary, fixed.

**Update:** the team has acknowledged or resolved a few of the reported issues. Also, a test suite has been added to the project.

**Update:** Quantstamp confirms that the reported inability of the contract to accept Ether via `transfer()` and `send()` under the Istanbul EVM is fixed in commit `54f1694`. However, it should be noted that the use of `msg.sender` goes against the [recommended API use of the GSN network](https://docs.opengsn.org/contracts/index.html), as this field would be the address of the RelayHub instead of the user. The Multis team considers the consequences of the mismatch in this scenario benign, as the `msg.sender` address is only used for emitting an event. The change does not appear to have an impact on the rest of the contract's functionality; however, the interactions were not subject to the re-audit.


Issues (8)

| | Low | Medium | High | Critical | Total |
|---|---|---|---|---|---|
| Not fixed | 8 | - | - | - | 8 |
| Fixed | - | - | - | - | 0 |
| Total | 8 | 0 | 0 | 0 | 8 |


Contracts (4)