New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
No Input Validation On _execute or safeTranferFrom #261
Labels
3 (High Risk)
Assets can be stolen/lost/compromised directly
bug
Something isn't working
duplicate-521
satisfactory
satisfies C4 submission criteria; eligible for awards
Comments
code423n4
added
3 (High Risk)
Assets can be stolen/lost/compromised directly
bug
Something isn't working
labels
Jan 16, 2023
You need to develop what could be the impact of this with regards to user funds |
Picodes marked the issue as duplicate of #564 |
Picodes marked the issue as partial-25 |
c4-judge
added
the
partial-25
Incomplete articulation of vulnerability; eligible for partial credit only (25%)
label
Jan 24, 2023
c4-judge
added
duplicate-521
satisfactory
satisfies C4 submission criteria; eligible for awards
and removed
duplicate-564
partial-25
Incomplete articulation of vulnerability; eligible for partial credit only (25%)
labels
Feb 15, 2023
Picodes marked the issue as satisfactory |
c4-judge
added
downgraded by judge
Judge downgraded the risk level of this issue
QA (Quality Assurance)
Assets are not at risk. State handling, function incorrect as to spec, issues with clarity, syntax
and removed
3 (High Risk)
Assets can be stolen/lost/compromised directly
labels
Feb 23, 2023
Picodes changed the severity to QA (Quality Assurance) |
c4-judge
added
3 (High Risk)
Assets can be stolen/lost/compromised directly
and removed
downgraded by judge
Judge downgraded the risk level of this issue
QA (Quality Assurance)
Assets are not at risk. State handling, function incorrect as to spec, issues with clarity, syntax
labels
Feb 24, 2023
This previously downgraded issue has been upgraded by Picodes |
Picodes marked the issue as not a duplicate |
Picodes marked the issue as duplicate of #521 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Labels
3 (High Risk)
Assets can be stolen/lost/compromised directly
bug
Something isn't working
duplicate-521
satisfactory
satisfies C4 submission criteria; eligible for awards
Lines of code
https://github.com/code-423n4/2023-01-astaria/blob/main/src/ClearingHouse.sol#L114
https://github.com/code-423n4/2023-01-astaria/blob/main/src/ClearingHouse.sol#L169
Vulnerability details
Impact
An attacker can pass malicious
tokenContract
andencodedMetaData
values.Proof of Concept
The
_execute
function is called bysafeTransferFrom
and does not perform any input validation on thetokenContract
andencodedMetaData
arguments - neither at the_execute
orsafeTransferFrom
levels.Recommended Mitigation Steps
Perform input validation on either functions. A comment mentions that the data is useless; if that is the case, then either remove the function altogether or perform input validation regardless - as the function might be adopted further without the proper security mechanisms in place.
The text was updated successfully, but these errors were encountered: