code-423n4 / 2022-06-putty-findings


Airdrop malicious NFT/token #400

Closed code423n4 closed 2 years ago

code423n4 commented 2 years ago

Lines of code

https://github.com/code-423n4/2022-06-putty/blob/main/contracts/src/PuttyV2.sol#L268

Vulnerability details

Impact

Since both the strike and the premium amount can be zero, a malicious user can create an order with malicious tokens which are free to grab.

Proof of Concept

  1. A malicious user creates a Long Put order with 0 strike amount and 0 premium.
  2. The ERC token provided is malicious.
  3. Users will be attracted to this order since it looks like a free airdrop, and could miss checking the tokens distributed by this order.
  4. The user withdraws and obtains the malicious tokens in their wallet.

Recommended Mitigation Steps

Ensure both the strike amount and the premium amount are greater than 0.
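One way to implement the recommended check, as an added example that is not PuttyV2's own code: a hypothetical contract whose `Order` struct, field names (`strike`, `premium`, `erc20Assets`, `erc721Assets`, `floorTokens`) and `fillOrder` entry point are assumptions modelled on the terms used in this thread, not the project's actual layout.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Hypothetical order layout (an assumption for this example; PuttyV2's real
// struct and function signatures are not reproduced here).
contract OrderValidationExample {
    struct ERC20Asset { address token; uint256 tokenAmount; }
    struct ERC721Asset { address token; uint256 tokenId; }

    struct Order {
        address maker;
        bool isCall;
        bool isLong;
        uint256 strike;          // amount the option settles for
        uint256 premium;         // amount paid up front to enter the option
        ERC20Asset[] erc20Assets;
        ERC721Asset[] erc721Assets;
        address[] floorTokens;
    }

    error ZeroStrike();
    error ZeroPremium();
    error EmptyUnderlying();

    // The mitigation recommended in the report: an order with a zero strike or
    // zero premium is rejected, so a cost-free "airdrop" order cannot be posted.
    function _validateEconomics(Order memory order) internal pure {
        if (order.strike == 0) revert ZeroStrike();
        if (order.premium == 0) revert ZeroPremium();
        // Also reject an order that references no underlying assets at all.
        if (
            order.erc20Assets.length == 0 &&
            order.erc721Assets.length == 0 &&
            order.floorTokens.length == 0
        ) revert EmptyUnderlying();
    }

    // Hypothetical entry point: validation runs before any state change or
    // token transfer, so an invalid order reverts before funds move.
    function fillOrder(Order memory order) external pure returns (bool) {
        _validateEconomics(order);
        // ... transfer premium / strike and record the position would follow here
        return true;
    }
}
```

The check raises the cost of posting such an order from zero to at least one unit of premium and strike; it does not vet the assets themselves, which is the separate concern of malicious or invalid `erc721Assets`, `erc20Assets` or `floorTokens` raised in the duplicate issue.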

GalloDaSballo commented 2 years ago

Why would a user willingly accept a malicious order?

outdoteth commented 2 years ago

Duplicate: Setting malicious or invalid erc721Assets, erc20Assets or floorTokens prevents the option from being exercised: https://github.com/code-423n4/2022-06-putty-findings/issues/50

HickupHH3 commented 2 years ago

Why would a user willingly accept a malicious order?

Because FOMO and... you know, problem between keyboard and chair :p