The NFTXVaultUpgradeable.getPseudoRand function is not really random and can be predicted. It is also easy to guarantee that one receives a specific token by having a smart contract simulate the randomness logic before calling redeem / swap.
Impact
When redeeming, one should only be able to specify the NFTs (via specificIds) when enableDirectRedeem is true. Because the randomness is resolved in the same transaction, one can circumvent this restriction and obtain the same behaviour as if enableDirectRedeem were true even though it is false: a smart contract redeems, checks the result, and if it is not the desired one, reverts the transaction and retries.
Recommended Mitigation Steps
This predictability can only be prevented by a two-step process that does not resolve the randomness in the same step in which the tokens are transferred.
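The following contract sketches the two-step request/resolve pattern the mitigation calls for. It is an added example written for this page, not NFTX code: the contract name, the Request struct, the holdings array and the function names are assumptions, and burning vault tokens and transferring NFTs are left as comments. The redeem is committed in one transaction, and the random index is derived in a later transaction from the hash of a block that did not exist when the commitment was made.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Illustrative two-step random redeem (hypothetical, not the NFTX vault).
// Step 1: requestRedeem() burns the vault tokens and records a request
//         together with a future block number.
// Step 2: resolveRedeem() may be called by anyone once that block exists;
//         the index is derived from that block's hash, which the requester
//         could not simulate at request time.
contract TwoStepRandomRedeem {
    struct Request {
        address user;
        uint256 amount;
        uint256 resolveBlock; // the seed is this block's hash
        bool resolved;
    }

    uint256[] public holdings;                  // NFT ids held by the vault (hypothetical)
    mapping(uint256 => Request) public requests;
    uint256 public nextRequestId;

    event RedeemRequested(uint256 indexed id, address indexed user, uint256 amount, uint256 resolveBlock);
    event RedeemResolved(uint256 indexed id, address indexed user, uint256[] tokenIds);

    function requestRedeem(uint256 amount) external returns (uint256 id) {
        require(amount > 0 && amount <= holdings.length, "bad amount");
        // ... burn `amount` vault tokens from msg.sender here (omitted) ...
        id = nextRequestId++;
        uint256 resolveBlock = block.number + 1; // strictly in the future
        requests[id] = Request(msg.sender, amount, resolveBlock, false);
        emit RedeemRequested(id, msg.sender, amount, resolveBlock);
    }

    function resolveRedeem(uint256 id) external {
        Request storage r = requests[id];
        require(r.user != address(0), "unknown request");
        require(!r.resolved, "already resolved");
        require(block.number > r.resolveBlock, "too early");
        // blockhash() is only available for the 256 most recent blocks and
        // returns 0 outside that window, so an expired request must not be
        // resolved with a zero seed.
        require(block.number - r.resolveBlock < 256, "request expired");
        bytes32 seed = blockhash(r.resolveBlock);
        require(seed != bytes32(0), "no entropy");

        r.resolved = true;
        uint256[] memory ids = new uint256[](r.amount);
        for (uint256 i = 0; i < r.amount; i++) {
            // Fresh index per draw; the seed itself is fixed by the chain.
            uint256 idx = uint256(keccak256(abi.encode(seed, id, i))) % holdings.length;
            ids[i] = holdings[idx];
            holdings[idx] = holdings[holdings.length - 1]; // swap-remove
            holdings.pop();
            // ... transfer ids[i] to r.user here (omitted) ...
        }
        emit RedeemResolved(id, r.user, ids);
    }
}
```

The point of the split is that the seed is fixed by the chain before anyone can act on it: a contract that calls resolveRedeem, dislikes the outcome and reverts gets the same ids on every retry, and anyone else can resolve the request on the user's behalf. Two design caveats remain. A block proposer still has limited influence over a block hash, so a design that needs stronger guarantees would draw the seed from a VRF-style oracle rather than blockhash. And a request that is allowed to expire needs an explicit recovery path (a refund of the burned tokens or a re-seed from a new future block), otherwise a requester could abandon draws they expect to dislike.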
Handle
@cmichelio