safeTransferFrom arbitrary address #8
Labels
2 (Med Risk): Assets not at direct risk, but function/availability of the protocol could be impacted or leak value
bug: Something isn't working
disagree with severity: Sponsor confirms validity, but disagrees with warden's risk assessment (sponsor explains in comments)
invalid: This doesn't seem right
sponsor acknowledged: Technically the issue is correct, but we're not going to resolve it for XYZ reasons
Lines of code
https://github.com/code-423n4/2022-06-infinity/blob/765376fa238bbccd8b1e2e12897c91098c7e5ac6/contracts/core/InfinityExchange.sol#L236-L241
Vulnerability details
Description
In InfinityExchange.sol, MATCH_EXECUTOR can call the function matchOneToManyOrders(). The function performs safeTransferFrom from makerOrder.signer, which is a function parameter. Performing safeTransferFrom from an address other than msg.sender is inherently unsafe, as funds could be transferred from an arbitrary address.
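The point the report rests on is general: whenever a contract moves tokens from an address that is not msg.sender, the transfer is only safe if that address's consent to this exact transfer is bound on-chain (an ERC-721 approval to the exchange, plus proof that the owner authored the order being filled). The following is an added illustration, not code from InfinityExchange or this repository; the contract, struct and function names (OrderMatcherExample, Order, matchUnchecked, matchVerified, matchExecutor) are assumptions chosen for the example. It places the unauthenticated pattern the finding describes next to a version that verifies an EIP-712 signature from the maker and consumes a nonce before calling safeTransferFrom.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.5;

interface IERC721 {
    function safeTransferFrom(address from, address to, uint256 tokenId) external;
}

/// Illustrative example only (not InfinityExchange code). All names are assumptions.
contract OrderMatcherExample {
    struct Order {
        address signer;     // the party whose NFT will be moved
        address collection; // ERC-721 contract
        uint256 tokenId;
        uint256 nonce;      // per-signer replay protection
    }

    address public immutable matchExecutor;
    bytes32 public immutable DOMAIN_SEPARATOR;
    bytes32 public constant ORDER_TYPEHASH =
        keccak256("Order(address signer,address collection,uint256 tokenId,uint256 nonce)");
    mapping(address => mapping(uint256 => bool)) public nonceUsed;

    constructor(address _matchExecutor) {
        matchExecutor = _matchExecutor;
        DOMAIN_SEPARATOR = keccak256(abi.encode(
            keccak256("EIP712Domain(string name,uint256 chainId,address verifyingContract)"),
            keccak256("OrderMatcherExample"),
            block.chainid,
            address(this)
        ));
    }

    // The pattern the finding describes: the caller is trusted, but nothing ties
    // maker.signer to the order, so `from` is whatever the caller supplies.
    // The token contract will still require an approval from maker.signer.
    function matchUnchecked(Order calldata maker, address taker) external {
        require(msg.sender == matchExecutor, "not executor");
        IERC721(maker.collection).safeTransferFrom(maker.signer, taker, maker.tokenId);
    }

    // Hardened: the transfer proceeds only if maker.signer signed these exact
    // order fields under this contract's domain, and the nonce has not been used.
    function matchVerified(Order calldata maker, bytes calldata sig, address taker) external {
        require(msg.sender == matchExecutor, "not executor");
        require(!nonceUsed[maker.signer][maker.nonce], "order already filled");

        bytes32 structHash = keccak256(abi.encode(
            ORDER_TYPEHASH, maker.signer, maker.collection, maker.tokenId, maker.nonce
        ));
        bytes32 digest = keccak256(abi.encodePacked("\x19\x01", DOMAIN_SEPARATOR, structHash));
        require(_recover(digest, sig) == maker.signer, "order not signed by maker");

        nonceUsed[maker.signer][maker.nonce] = true; // consume before the external call
        IERC721(maker.collection).safeTransferFrom(maker.signer, taker, maker.tokenId);
    }

    // Minimal ecrecover wrapper with the usual guards: fixed length, low-s only,
    // and rejection of the zero address that ecrecover returns on failure.
    function _recover(bytes32 digest, bytes calldata sig) internal pure returns (address) {
        require(sig.length == 65, "bad signature length");
        bytes32 r = bytes32(sig[0:32]);
        bytes32 s = bytes32(sig[32:64]);
        uint8 v = uint8(sig[64]);
        if (v < 27) v += 27;
        require(
            uint256(s) <= 0x7FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF5D576E7357A4501DDFE92F46681B20A0,
            "high-s signature"
        );
        address recovered = ecrecover(digest, v, r, s);
        require(recovered != address(0), "invalid signature");
        return recovered;
    }
}
```

The difference between the two functions is the whole argument of the finding: in matchUnchecked the only thing standing between the maker's tokens and an arbitrary `from` value is the token-level approval, whereas matchVerified additionally proves that maker.signer authored the order and prevents the same signature from being replayed.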
PoC