call opcode's return value not checked. #241
Labels
2 (Med Risk): Assets not at direct risk, but function/availability of the protocol could be impacted or leak value
bug: Something isn't working
downgraded by judge: Judge downgraded the risk level of this issue
M-05
primary issue: Highest quality submission among a set of duplicates
satisfactory: satisfies C4 submission criteria; eligible for awards
selected for report: This submission will be included/highlighted in the audit report
sponsor confirmed: Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity")
Comments

code423n4 added the "3 (High Risk)" (Assets can be stolen/lost/compromised directly) and "bug" (Something isn't working) labels on Nov 13, 2022.

Picodes marked the issue as primary issue. c4-judge added the "primary issue" (Highest quality submission among a set of duplicates) label on Nov 19, 2022.

This was referenced Nov 19, 2022 by two issues, both now closed.

Picodes marked the issue as selected for report. c4-judge added the "selected for report" (This submission will be included/highlighted in the audit report) label on Nov 21, 2022.

c4-sponsor added the "sponsor confirmed" (Sponsor agrees this is a problem and intends to fix it; OK to use with "disagree with severity") label on Nov 24, 2022. 0xhiroshi marked the issue as sponsor confirmed.

Picodes changed the severity to 2 (Med Risk). c4-judge added the "2 (Med Risk)" (Assets not at direct risk, but function/availability of the protocol could be impacted or leak value) and "downgraded by judge" (Judge downgraded the risk level of this issue) labels and removed the "3 (High Risk)" (Assets can be stolen/lost/compromised directly) label on Dec 11, 2022.

Picodes: Medium severity as only the dust is impacted.

Picodes marked the issue as satisfactory. c4-judge added the "satisfactory" (satisfies C4 submission criteria; eligible for awards) label on Dec 11, 2022.
Lines of code
https://github.com/code-423n4/2022-11-looksrare/blob/main/contracts/lowLevelCallers/LowLevelETH.sol#L35
https://github.com/code-423n4/2022-11-looksrare/blob/main/contracts/lowLevelCallers/LowLevelETH.sol#L46
https://github.com/code-423n4/2022-11-looksrare/blob/main/contracts/lowLevelCallers/LowLevelETH.sol#L57
Vulnerability details

Impact

The `call` opcode's return value is not checked, which could lead to the originator losing funds.

Proof of Concept

The caller of `LooksRareAggregator.sol::execute` could be a contract that does not implement the `fallback` or `receive` function; when it is called with value sent, the call reverts and the ETH is not received.

Let's imagine the contract calls the `execute` function to buy multiple NFTs with ETH as the payout currency and sets the `isAtomic` parameter to false. Since the batch buy of NFTs is not atomic, the failed transactions in the LooksRare or Seaport marketplace will return the passed ETH. The contract doesn't implement the `fallback`/`receive` function and the `call` opcode's return value is not checked, thus the ETH value will be trapped in the `LooksRareAggregator` contract until the next user calls the `execute` function and the trapped ETH is returned to him. The originator loses funds.

Tools Used

Manual review

Recommended Mitigation Steps

Check the return value of the `call` opcode.
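An added illustration of the pattern described above, written for this page and not taken from LooksRare's LowLevelETH.sol: the contract and function names (NoReceiveCaller, RefundDemo, executeUnchecked, executeChecked, _returnETHUnchecked, _returnETHChecked) are assumptions. It places the unchecked refund beside the checked one so the difference in outcome for a caller without receive()/fallback() is visible.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.17;

/// Constructed example, not the project's own code; all names are assumptions.

/// A caller that cannot accept plain ETH: no receive() and no fallback().
/// Any value transfer to it via `call` fails and returns status 0.
contract NoReceiveCaller {
    function buy(RefundDemo demo) external payable {
        demo.executeUnchecked{value: msg.value}(); // refund silently fails
    }
}

contract RefundDemo {
    error ETHTransferFail();

    /// Vulnerable pattern: the status word returned by `call` is popped and
    /// never inspected. If msg.sender cannot receive ETH, the leftover
    /// stays in this contract until some later caller's refund sweeps it.
    function executeUnchecked() external payable {
        // ... trades would happen here; the leftover is whatever was not spent
        _returnETHUnchecked(msg.sender);
    }

    /// Hardened pattern: the status is checked and the transaction reverts,
    /// so the originator keeps the ETH instead of leaving dust behind.
    function executeChecked() external payable {
        _returnETHChecked(msg.sender);
    }

    function _returnETHUnchecked(address recipient) internal {
        uint256 amount = address(this).balance;
        if (amount == 0) return;
        assembly {
            pop(call(gas(), recipient, amount, 0, 0, 0, 0))
        }
    }

    function _returnETHChecked(address recipient) internal {
        uint256 amount = address(this).balance;
        if (amount == 0) return;
        bool status;
        assembly {
            status := call(gas(), recipient, amount, 0, 0, 0, 0)
        }
        if (!status) revert ETHTransferFail();
    }
}
```

Deploying both and calling NoReceiveCaller.buy with value shows the unchecked path succeeding while RefundDemo's balance stays non-zero; switching the call to executeChecked makes the same transaction revert with ETHTransferFail.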