-
Notifications
You must be signed in to change notification settings - Fork 1
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Groupbuy: Construction of merkle tree allows some unintended IDs to be bought #11
Comments
HickupHH3 marked the issue as satisfactory |
HickupHH3 marked the issue as primary issue |
stevennevins marked the issue as disagree with severity |
While this is technically correct we do not see it as an issue. For this scenario to play out the contract targeted by a pool would need to allow users or an owner to mint arbitrary ids, which I would say is not the case for the large majority of projects that would be suited to a group buy. Even in projects such as ENS where token ids are not sequential the issue would still require a hash collision between the root and a user input. |
While I agree that it's extremely unlikely for the |
liveactionllama marked the issue as duplicate of #14 |
Lines of code
https://github.com/code-423n4/2022-12-tessera/blob/1e408ebc1c4fdcc72678ea7f21a94d38855ccc0b/src/modules/GroupBuy.sol#L188
Vulnerability details
Impact
In
GroupBuy.purchase
, when no proof is provided, it is required that the provided token ID is equal to the storedmerkleRoot
:This makes sense because the token ID is stored in the variable
merkleRoot
directly when only one ID is provided. However, the problem is that a user can also provide no merkle proof whenmerkleRoot
does not contain the token ID of a single token, but a valid merkle root. In that case, the user can mint the token with the ID of the merkle root (interpreteted as auint256
), although that was never intended. Because token IDs are arbitraryuint256
and do not have to be consecutive, this can be a valid token ID.Note on severity: The issue is very similar (or basically the same) as M-01 in the Seaport contest, where cmichel provided the following reasoning for the severity:
Proof Of Concept
We assume that the root of the merkle tree for some provided token IDs is 0xDEADBEEF.. When calling
purchase
, the user can now provide an empty_purchaseProof
and useuint256(0xDEADBEEF..)
as_tokenId
. This allows him to buy a token ID that the creator never whitelisted (uint256(0xDEADBEEF..)
).Recommended Mitigation Steps
Also hash a single token ID before storing it in
merkleRoot
(and before the check inpurchase
).The text was updated successfully, but these errors were encountered: