deth_ctf - The `msg.value` of the `deposit()` function is not restricted

Egis-Security / CTF_Challenge

Repository containing CTF challenges from nmirchev8, deth and bOgO.

14 stars 8 forks source link

Open ghost opened 1 month ago

ghost commented 1 month ago

If a Vault is unlocked, user can use the deposit function. However, there are no restrictions on the msg.value.

Malicious user can send transactions with msg.value = 0 and grief a Vault

require(msg.value > 0, "Cannot be zero")

0xdeth commented 3 weeks ago

Grief the vault how? His balances are updated based on msg.value, so if he passes 0 his balances won't be updated.