LowLevelETH: _returnETHIfAny; _returnETHIfAny; _returnETHIfAnyWithOneWeiLeft do not check if call was successful #163

code423n4 · 2022-11-13T09:45:28Z

Lines of code

https://github.com/code-423n4/2022-11-looksrare/blob/e3b2c053f722b0ca2dce3a3eb06f64859b8b7a6f/contracts/lowLevelCallers/LowLevelETH.sol#L32-L38
https://github.com/code-423n4/2022-11-looksrare/blob/e3b2c053f722b0ca2dce3a3eb06f64859b8b7a6f/contracts/lowLevelCallers/LowLevelETH.sol#L54-L60
https://github.com/code-423n4/2022-11-looksrare/blob/e3b2c053f722b0ca2dce3a3eb06f64859b8b7a6f/contracts/lowLevelCallers/LowLevelETH.sol#L43
https://github.com/code-423n4/2022-11-looksrare/blob/e3b2c053f722b0ca2dce3a3eb06f64859b8b7a6f/contracts/lowLevelCallers/LowLevelETH.sol#L54
https://github.com/code-423n4/2022-11-looksrare/blob/e3b2c053f722b0ca2dce3a3eb06f64859b8b7a6f/contracts/LooksRareAggregator.sol#L109
https://github.com/code-423n4/2022-11-looksrare/blob/e3b2c053f722b0ca2dce3a3eb06f64859b8b7a6f/contracts/LooksRareAggregator.sol#L51-L57

Vulnerability details

Impact

This means that the caller won't receive ETH but the transaction will continue, this could specially affects to function LookRareAggregator.execute, which use _returnETHIfAny(address) function, leading to originator lose of funds or mess up its state variables.

Proof of Concept

Originator is a smart cotnract which will revert if it current balance is greater than 10. Originator contract has a function which calls LookRareAggregator.execute (for instance execute) and after that update a counter for current trades, which afect its accountability, then:

Bob calls originator smart contract (current balance 11) function execute
Originator smart contract calls LooksRareAggregator.execute, it result that some ETH is remaining after the trades
_returnETHIfAny(originator) is called, when this function tries to send ETH this last call is reverted, but it continue the _returnETHIfAny execution
LooksRareAggregator.execute execution finished
Originator execute function continues it execution and edit diferent state variables which affect it accountability

Originator smart contract accountability was mess up for using LooksRareAgregator contract.

Tools Used

Manual review

Recommended Mitigation Steps

Add next line at the end of each function
if (!status) revert ETHTransferFail();

The text was updated successfully, but these errors were encountered:

c4-judge · 2022-11-21T11:12:49Z

Picodes marked the issue as duplicate of #241

c4-judge · 2022-12-16T13:58:41Z

Picodes marked the issue as satisfactory

code423n4 added 2 (Med Risk) Assets not at direct risk, but function/availability of the protocol could be impacted or leak value bug Something isn't working labels Nov 13, 2022

code423n4 added a commit that referenced this issue Nov 13, 2022

carlitox477 issue #163

35b7aab

c4-judge closed this as completed Nov 21, 2022

c4-judge added the duplicate-241 label Nov 21, 2022

c4-judge added the satisfactory satisfies C4 submission criteria; eligible for awards label Dec 16, 2022

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

LowLevelETH: _returnETHIfAny; _returnETHIfAny; _returnETHIfAnyWithOneWeiLeft do not check if call was successful #163

LowLevelETH: _returnETHIfAny; _returnETHIfAny; _returnETHIfAnyWithOneWeiLeft do not check if call was successful #163

code423n4 commented Nov 13, 2022

c4-judge commented Nov 21, 2022

c4-judge commented Dec 16, 2022

LowLevelETH: _returnETHIfAny; _returnETHIfAny; _returnETHIfAnyWithOneWeiLeft do not check if call was successful #163

LowLevelETH: _returnETHIfAny; _returnETHIfAny; _returnETHIfAnyWithOneWeiLeft do not check if call was successful #163

Comments

code423n4 commented Nov 13, 2022

Lines of code

Vulnerability details

Impact

Proof of Concept

Tools Used

Recommended Mitigation Steps

c4-judge commented Nov 21, 2022

c4-judge commented Dec 16, 2022