Closed code423n4 closed 2 years ago
This isn't possible because Alice would be msg.sender and not in the vaultToToken mapping. The vault address (msg.sender) is the key for each combination of (token address, token id)
Agree with sponsor, closing as invalid.
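The sponsor's reply above, as an added Solidity sketch (a simplified model written for this page, not the project's VaultRegistry code). ToyToken, ToyRegistry, registerVault and UnregisteredCaller are hypothetical names, and the zero-id revert is an assumption based on the report's "which is not zero" remark:

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.13;

// Added illustration; a simplified model, not the project's VaultRegistry.
// ToyToken, ToyRegistry, registerVault, UnregisteredCaller are hypothetical names.
contract ToyToken {
    address public immutable registry;
    // Holder balances: keyed by holder address, then token id.
    mapping(address => mapping(uint256 => uint256)) public balanceOf;

    constructor() { registry = msg.sender; }

    function mint(address to, uint256 id, uint256 amount) external {
        require(msg.sender == registry, "only registry");
        balanceOf[to][id] += amount;
    }

    function burn(address from, uint256 id, uint256 amount) external {
        require(msg.sender == registry, "only registry");
        balanceOf[from][id] -= amount; // checked arithmetic reverts on underflow
    }
}

contract ToyRegistry {
    struct VaultInfo { address token; uint256 id; }
    error UnregisteredCaller(address caller);

    ToyToken public immutable token;
    uint256 public nextId = 1; // id 0 is reserved to mean "no entry"
    // Keyed by the VAULT address, not by the token holder's address.
    mapping(address => VaultInfo) public vaultToToken;

    constructor() { token = new ToyToken(); }

    // Stand-in for vault creation (access control omitted in this toy model).
    function registerVault(address vault, address holder, uint256 supply) external {
        uint256 id = nextId++;
        vaultToToken[vault] = VaultInfo(address(token), id);
        token.mint(holder, id, supply);
    }

    function burn(address from, uint256 value) external {
        VaultInfo memory info = vaultToToken[msg.sender];
        uint256 id = info.id;
        // A holder such as Alice has a balance in the token but no entry here, so id is 0.
        if (id == 0) revert UnregisteredCaller(msg.sender);
        ToyToken(info.token).burn(from, id, value);
    }
}
```

In this model a call to `ToyRegistry.burn` from a holder's externally owned account reverts with `UnregisteredCaller`, because holding tokens creates a `balanceOf` entry in the token contract and never a `vaultToToken` entry in the registry.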
Lines of code
https://github.com/code-423n4/2022-07-fractional/blob/8f2697ae727c60c93ea47276f8fa128369abfe51/src/VaultRegistry.sol#L39-L44
Vulnerability details
Impact
It is possible to burn someone's vault tokens.
Exploit Scenario
Let's say Alice and Bob have some vault tokens. For some reason, Bob didn't grab an ice-cream for Alice, therefore Alice wanted revenge for that. So she decided to burn Bob's vault tokens.
burn() is external, Alice has no problem with invoking that.
info contains info about Alice (has some tokens)
id is Alice's id, which is not zero
Tools Used