Open code423n4 opened 2 years ago
Disagree that this is a duplicate of 246.
This is an additional vulnerability related to the same code.
Here the warden shows how you could spin up a new account to claim 0 tokens and grief the withdrawal of someone who is entitled to some tokens (technically they just need to send to another address)
Given these considerations, I believe Low Severity to be more appropriate (DOS that can be easily sidestepped)
Generating QA Report as warden had not submitted one and judge downgraded issue. Preserving original title: Users Can Deny Other Users From Calling Shelter.withdraw()
Lines of code
https://github.com/code-423n4/2022-02-concur/blob/main/contracts/Shelter.sol#L52-L58
Vulnerability details
Impact
The `claimed` mapping is checked on the `_to` address, hence malicious users could frontrun calls to `withdraw` and potentially prevent successful withdrawals if the `claimed` mapping is correctly checked.
Proof of Concept
https://github.com/code-423n4/2022-02-concur/blob/main/contracts/Shelter.sol#L52-L58
Tools Used
Manual code review. Confirmation from Taek.
Recommended Mitigation Steps
Consider replacing `_to` with `msg.sender`.
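The griefing sequence the finding and the judge describe, as an added illustration that is not the Concur project's own Shelter.sol: the real contract's storage layout is not reproduced here, so the per-token `entitlement` ledger, the unguarded `setEntitlement` helper, `MockToken`, `Actor` and `GriefDemo` are all constructed for the walkthrough. `ShelterVulnerable.withdraw` keys the one-shot `claimed` flag on the caller-supplied `_to` while paying out `msg.sender`'s entitlement; `ShelterFixed.withdraw` applies the recommended mitigation and keys it on `msg.sender`.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Added example; not code from the 2022-02-concur repository.

interface IERC20 {
    function transfer(address to, uint256 amount) external returns (bool);
    function balanceOf(address who) external view returns (uint256);
}

// Constructed token stub so the walkthrough runs stand-alone (e.g. in Remix).
contract MockToken is IERC20 {
    mapping(address => uint256) public override balanceOf;
    function mint(address to, uint256 amount) external { balanceOf[to] += amount; }
    function transfer(address to, uint256 amount) external override returns (bool) {
        require(balanceOf[msg.sender] >= amount, "insufficient");
        balanceOf[msg.sender] -= amount;
        balanceOf[to] += amount;
        return true;
    }
}

abstract contract ShelterBase {
    // Assumed layout: how much of each token an address may withdraw, and
    // whether a claim has been consumed. `claimed` is the only guard.
    mapping(IERC20 => mapping(address => uint256)) public entitlement;
    mapping(IERC20 => mapping(address => bool)) public claimed;

    // Test-only setter (hypothetical); a real contract would derive this on-chain.
    function setEntitlement(IERC20 token, address who, uint256 amount) external {
        entitlement[token][who] = amount;
    }

    function withdraw(IERC20 _token, address _to) external virtual;
}

// Pattern the finding describes: flag keyed on `_to`, amount keyed on `msg.sender`.
contract ShelterVulnerable is ShelterBase {
    function withdraw(IERC20 _token, address _to) external override {
        require(!claimed[_token][_to], "already claimed");
        claimed[_token][_to] = true;
        uint256 amount = entitlement[_token][msg.sender];
        require(_token.transfer(_to, amount), "transfer failed");
    }
}

// Recommended mitigation: the flag follows the account whose entitlement is spent.
contract ShelterFixed is ShelterBase {
    function withdraw(IERC20 _token, address _to) external override {
        require(!claimed[_token][msg.sender], "already claimed");
        claimed[_token][msg.sender] = true;
        uint256 amount = entitlement[_token][msg.sender];
        require(_token.transfer(_to, amount), "transfer failed");
    }
}

// Stand-in for an externally owned account; reports whether the call reverted.
contract Actor {
    function withdraw(ShelterBase s, IERC20 t, address to) external returns (bool ok) {
        try s.withdraw(t, to) { ok = true; } catch { ok = false; }
    }
}

contract GriefDemo {
    function run() external returns (bool victimBlocked, bool sidestepWorks, bool fixedUnaffected) {
        MockToken token = new MockToken();
        Actor attacker = new Actor();
        Actor victim = new Actor();
        address spare = address(0xBEEF);

        ShelterVulnerable vuln = new ShelterVulnerable();
        token.mint(address(vuln), 100);
        vuln.setEntitlement(token, address(victim), 100);

        // Attacker has no entitlement: the call moves 0 tokens but sets claimed[victim].
        attacker.withdraw(vuln, token, address(victim));
        // The entitled account can no longer withdraw to itself...
        victimBlocked = !victim.withdraw(vuln, token, address(victim));
        // ...but sidesteps the DoS by naming any other `_to`.
        sidestepWorks = victim.withdraw(vuln, token, spare) && token.balanceOf(spare) == 100;

        ShelterFixed fixedS = new ShelterFixed();
        token.mint(address(fixedS), 100);
        fixedS.setEntitlement(token, address(victim), 100);
        // Same front-run only consumes the attacker's own (empty) claim.
        attacker.withdraw(fixedS, token, address(victim));
        fixedUnaffected = victim.withdraw(fixedS, token, address(victim))
            && token.balanceOf(address(victim)) == 100;
    }
}
```

Deploy `GriefDemo` and call `run()`; it returns `(true, true, true)`, matching the judge's assessment that the vulnerable variant is a denial of service the victim can route around, and that keying the flag on `msg.sender` removes the attacker's influence over another account's claim.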