Forbidden withdrawals because of wrong clearingQuote
setting
#71
Labels
3 (High Risk)
Assets can be stolen/lost/compromised directly
bug
Something isn't working
duplicate-252
partial-25
Incomplete articulation of vulnerability; eligible for partial credit only (25%)
Lines of code
https://github.com/code-423n4/2022-11-size/blob/706a77e585d0852eae6ba0dca73dc73eb37f8fb6/src/SizeSealed.sol#L217
Vulnerability details
Impact
In
finalize
functionclearingQuote
may be set totype(uint256).max
Then checks
atState()
will fail inrefund()
andwithdraw()
functions and it will impossible to return money to biddersProof of Concept
reveal()
function for finished auction with nofinalizeData
finalize()
with ``clearingQuote = type(uint256).max```atState(idToAuction[auctionId], States.Finalized)
inrefund()
andwithdraw()
will failTools Used
vs code
Recommended Mitigation Steps
check
clearingQuote
valueThe text was updated successfully, but these errors were encountered: