Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Allowance check always true in ERC5095 redeem #173

Open
code423n4 opened this issue Jun 25, 2022 · 2 comments
Open

Allowance check always true in ERC5095 redeem #173

code423n4 opened this issue Jun 25, 2022 · 2 comments
Labels
3 (High Risk) Assets can be stolen/lost/compromised directly bug Something isn't working sponsor disputed Sponsor cannot duplicate the issue, or otherwise disagrees this is an issue

Comments

@code423n4
Copy link
Contributor

Lines of code

https://github.com/code-423n4/2022-06-illuminate/blob/217ddfef05bc9df5c7b94f1c3226a46ee136b57d/marketplace/ERC5095.sol#L116

Vulnerability details

Impact

In redeem, it is checked that the allowance is larger than underlyingAmount, which is the return parameter (i.e., equal to 0 at that point). Therefore, this check is always true and there is no actual allowance check, allowing anyone to redeem for another user.

Recommended Mitigation Steps

Change the underlyingAmount to principalAmount, which is the intended parameter.
@code423n4 code423n4 added 3 (High Risk) Assets can be stolen/lost/compromised directly bug Something isn't working labels Jun 25, 2022
code423n4 added a commit that referenced this issue Jun 25, 2022
@code423n4
Lambda issue #173
1639048
This was referenced Jun 28, 2022
Closed
Closed
Closed
Closed
Closed
Closed
Closed
@sourabhmarathe sourabhmarathe added the sponsor confirmed Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity") label Jun 28, 2022
@sourabhmarathe
Copy link
Collaborator

sourabhmarathe commented Jun 30, 2022
edited by JTraversa
Loading

While we did not actually intend to audit the 5095 implementation, as 5095 itself is not yet final, we did describe its purpose in our codebase in the initial readme, and didn't specify that it was not in scope.
(we wanted wardens to understand its role in our infra)

With that context, we will leave it up to the judges whether or not to accept issues related to the ERC5095 token.

@sourabhmarathe sourabhmarathe added sponsor disputed Sponsor cannot duplicate the issue, or otherwise disagrees this is an issue and removed sponsor confirmed Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity") labels Jun 30, 2022
@JTraversa JTraversa mentioned this issue Jul 6, 2022
Closed
@gzeoneth
Copy link
Member

I think it is fair to accept issues related to the ERC5095 token.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
3 (High Risk) Assets can be stolen/lost/compromised directly bug Something isn't working sponsor disputed Sponsor cannot duplicate the issue, or otherwise disagrees this is an issue
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@sourabhmarathe @code423n4 @gzeoneth