code-423n4 / 2022-06-putty-findings


Same order could be exercised multiple times if transferFrom fails #367

Closed code423n4 closed 2 years ago

code423n4 commented 2 years ago

Lines of code

https://github.com/code-423n4/2022-06-putty/blob/main/contracts/src/PuttyV2.sol#L389-L458

Vulnerability details

Impact

The exercise() function does not have a require check to ensure the order has not already been exercised. This allows the caller, after passing ownerOf(uint256(orderHash)), to call exercise() multiple times if the transferFrom() fails and gain more assets (ERC20, ERC721, floor tokens) from Putty.

Recommended Mitigation Steps

A require() is necessary.

GalloDaSballo commented 2 years ago

The code is using safeTransferFrom; if the transfer fails, the tx will revert. Also, the order gets marked as executed, and the NFT is sent to 0xdead, making it impossible to exercise twice.
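The three controls GalloDaSballo's reply relies on (a safe transfer that reverts on failure, an explicit exercised flag, and sending the position NFT to 0xdead), as an added Solidity example written for this thread; it is not PuttyV2's code. Everything in it is hypothetical: the contract, struct, function and mapping names, the simplified single-ERC20 payout escrowed on fill, and the assumption that OpenZeppelin's ERC721 and SafeERC20 are available at the import paths shown.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.13;

// Added example for this thread; this is not PuttyV2's code. It assumes
// OpenZeppelin's ERC721 and SafeERC20 are available under these paths, and
// the contract, struct, function and mapping names are all hypothetical.
import "@openzeppelin/contracts/token/ERC721/ERC721.sol";
import "@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol";

contract ExerciseOnceExample is ERC721 {
    using SafeERC20 for IERC20;

    // Burn address used instead of _burn() so the token id stays "taken".
    address public constant DEAD = 0x000000000000000000000000000000000000dEaD;

    // Simplified order: one ERC20 payout escrowed by the maker on fill.
    struct Order {
        address maker;
        IERC20 asset;
        uint256 amount;
        uint256 expiration;
    }

    // positionId => already exercised (hypothetical name)
    mapping(uint256 => bool) public exercised;

    constructor() ERC721("ExerciseOnceExample", "EXO") {}

    // The position id is derived from the order hash, as in the finding.
    function hashOrder(Order memory order) public pure returns (bytes32) {
        return keccak256(abi.encode(order.maker, order.asset, order.amount, order.expiration));
    }

    // Taker fills the order: the long position NFT is minted to the taker and
    // the maker's payout is escrowed. Signature checks and premium payment are
    // omitted because they are not what this thread is about.
    function fillOrder(Order memory order) external returns (uint256 positionId) {
        positionId = uint256(hashOrder(order));
        _mint(msg.sender, positionId);
        order.asset.safeTransferFrom(order.maker, address(this), order.amount);
    }

    function exercise(Order memory order) external {
        uint256 positionId = uint256(hashOrder(order));

        // (1) Only the current holder of the position NFT may exercise.
        require(ownerOf(positionId) == msg.sender, "Not owner");
        // (2) Explicit one-shot state check.
        require(!exercised[positionId], "Position already exercised");
        require(block.timestamp < order.expiration, "Position has expired");

        // Effects before interactions (checks-effects-interactions).
        exercised[positionId] = true;
        // (3) Burn the position by moving it to 0xdead: ownerOf() can never
        //     again return msg.sender for this id, so check (1) also blocks
        //     a second call, even if the payout token re-enters below.
        _transfer(msg.sender, DEAD, positionId);

        // (4) safeTransfer reverts if the token returns false or reverts, so a
        //     failed payout rolls back the effects above instead of leaving a
        //     position that is paid out but still marked unexercised.
        order.asset.safeTransfer(msg.sender, order.amount);
    }
}
```

The ordering is the point: the flag is set and the NFT is moved before any external call, so a second exercise() fails on check (1) and check (2) regardless of what the token does, and because the payout uses SafeERC20, a transfer that returns false or reverts undoes the whole transaction rather than leaving a half-updated position. The failure mode a raw, unchecked transferFrom would actually introduce here is the opposite of the one the finding describes: the holder would burn the position and receive nothing, not exercise it twice.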