code-423n4 / 2021-09-defiprotocol-findings


Event BasketLicenseProposed needs an idNumber #263

Open code423n4 opened 3 years ago

code423n4 commented 3 years ago

Handle

0xsanson

Vulnerability details

Impact

The function Factory.proposeBasketLicense at the end emits BasketLicenseProposed(msg.sender, tokenName) and returns the id of the proposal. This id should also be written to the log, since it's needed by the proposer (for createBasket), and they may not see the return value of an external function.

Proof of Concept

https://github.com/code-423n4/2021-09-defiProtocol/blob/main/contracts/contracts/Factory.sol#L87-L90

Tools Used

editor

Recommended Mitigation Steps

Consider redefining the event to contain the id of the proposal.
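An added sketch of the recommended mitigation, not code from the audited repository or from the reporter: the event carries the proposal id so it can be read from the transaction receipt. The contract name `FactorySketch`, the `Proposal` struct, its storage layout and the `proposal` getter are assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.7;

// Simplified stand-in for the Factory discussed in the finding.
// Assumption: the struct and storage below are illustrative, not the project's.
contract FactorySketch {
    struct Proposal {
        address proposer;
        string tokenName;
    }

    Proposal[] private _proposals;

    // Per the finding, the original log is BasketLicenseProposed(msg.sender, tokenName)
    // with no id. Here the id is added and indexed so off-chain code can filter on it.
    event BasketLicenseProposed(
        address indexed proposer,
        string tokenName,
        uint256 indexed id
    );

    function proposeBasketLicense(string memory tokenName) external returns (uint256 id) {
        id = _proposals.length;
        _proposals.push(Proposal({proposer: msg.sender, tokenName: tokenName}));

        // The return value of a state-changing call is not part of the transaction
        // receipt, so the log is where an externally owned account finds the id.
        emit BasketLicenseProposed(msg.sender, tokenName, id);
    }

    // Hypothetical getter, included only so the stored proposal can be checked by id.
    function proposal(uint256 id) external view returns (address proposer, string memory tokenName) {
        Proposal storage p = _proposals[id];
        return (p.proposer, p.tokenName);
    }
}
```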

frank-beard commented 2 years ago

not an exploit

GalloDaSballo commented 2 years ago

As per the docs, non-critical as it relates to off-chain monitoring