code-423n4 / 2022-09-nouns-builder-findings

Upgraded Q -> M from 686 [1664289678850] #729

Closed code423n4 closed 1 year ago

code423n4 commented 1 year ago

Judge has assessed an item in Issue #686 as Medium risk. The relevant finding follows:

GalloDaSballo commented 1 year ago

Impact

By design, there should not be more than 16 attributes, but when adding properties, there are no constraints.

Proof of Concept

https://github.com/code-423n4/2022-09-nouns-builder/blob/7e9fddbbacdd7d7812e912a369cfd862ee67dc03/src/token/metadata/storage/MetadataRendererStorageV1.sol#L20

https://github.com/code-423n4/2022-09-nouns-builder/blob/7e9fddbbacdd7d7812e912a369cfd862ee67dc03/src/token/metadata/MetadataRenderer.sol#L91

Tools Used

Recommended Mitigation Steps

Do something with this effect:

    function addProperties() {
        ...
        // Reject the call if the existing plus new properties would exceed 16
        if (_names.length + properties.length > 16) revert TOO_MANY_PROPERTIES();
        ...
    }

Dup of #523