operate() does not check illegal revenueContract #285
Labels
2 (Med Risk): Assets not at direct risk, but function/availability of the protocol could be impacted or leak value
bug: Something isn't working
duplicate-312
satisfactory: Finding meets requirement
Lines of code
https://github.com/debtdao/Line-of-Credit/blob/e8aa08b44f6132a5ed901f8daa231700c5afeb3a/contracts/utils/SpigotLib.sol#L61
Vulnerability details
Impact
SpigotLib#operate() checks whether the method signature in data is in the whitelist, but it does not check that revenueContract is registered in settings[].
There is a certain risk that the signatures are the same, and the operator can pass revenueContract = claimedToken, which can be used to manipulate the claimedToken.
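The gap described above, shown as an added example on a simplified stand-in contract (this is not the project's SpigotLib; the names Setting, settings, whitelistedFunctions, addSpigot and operateUnchecked are assumptions). The unchecked version validates only the selector, so any address can be the call target; the hardened version also requires the target to be a registered revenue contract.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Hypothetical sketch of the spigot state discussed in the issue; field and
// function names are assumptions, not copied from the project's code.
contract SpigotSketch {
    struct Setting {
        uint8 ownerSplit;     // share of revenue routed to the owner
        bytes4 claimFunction; // selector used by claimRevenue(); zero when unregistered
    }

    address public owner;
    address public operator;
    mapping(address => Setting) public settings;          // revenueContract => config
    mapping(bytes4 => bool) public whitelistedFunctions;  // selectors operate() may call

    modifier onlyOwner() { require(msg.sender == owner, "not owner"); _; }
    modifier onlyOperator() { require(msg.sender == operator, "not operator"); _; }

    constructor(address _operator) { owner = msg.sender; operator = _operator; }

    function addSpigot(address revenueContract, Setting calldata s) external onlyOwner {
        require(s.claimFunction != bytes4(0), "claim selector required");
        settings[revenueContract] = s;
    }

    function updateWhitelist(bytes4 func, bool allowed) external onlyOwner {
        whitelistedFunctions[func] = allowed;
    }

    // Vulnerable form: only the selector is validated, so revenueContract may be
    // any address, including a token contract the spigot itself holds.
    function operateUnchecked(address revenueContract, bytes calldata data)
        external onlyOperator returns (bool)
    {
        require(whitelistedFunctions[bytes4(data[:4])], "function not whitelisted");
        (bool ok, ) = revenueContract.call(data);
        return ok;
    }

    // Hardened form: the target must also be a registered revenue contract.
    function operate(address revenueContract, bytes calldata data)
        external onlyOperator returns (bool)
    {
        require(whitelistedFunctions[bytes4(data[:4])], "function not whitelisted");
        require(settings[revenueContract].claimFunction != bytes4(0), "unknown revenue contract");
        (bool ok, ) = revenueContract.call(data);
        return ok;
    }
}
```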
Proof of Concept
Tools Used
Recommended Mitigation Steps