Closed code423n4 closed 1 year ago
https://github.com/code-423n4/2022-11-looksrare/blob/e3b2c053f722b0ca2dce3a3eb06f64859b8b7a6f/contracts/LooksRareAggregator.sol#L132 https://github.com/code-423n4/2022-11-looksrare/blob/main/contracts/LooksRareAggregator.sol#L88
The owner of the contract can broke the storage of the LooksRareAggregator contract
The addFunction() function - https://github.com/code-423n4/2022-11-looksrare/blob/e3b2c053f722b0ca2dce3a3eb06f64859b8b7a6f/contracts/LooksRareAggregator.sol#L132 can be called by the owner to to set proxy address and function selector for the function to be called inside this proxy. This function is dangerous because LooksRareAggregator performs delegatecall - https://github.com/code-423n4/2022-11-looksrare/blob/main/contracts/LooksRareAggregator.sol#L88 to that address. It is not guaranteed that those new proxies won't rewrite slots in the LooksRareAggregator storage.
addFunction()
delegatecall
Consider following well-known patterns for proxies management.
This is the intended design, no PoC.
Picodes marked the issue as unsatisfactory: Insufficient proof
Lines of code
https://github.com/code-423n4/2022-11-looksrare/blob/e3b2c053f722b0ca2dce3a3eb06f64859b8b7a6f/contracts/LooksRareAggregator.sol#L132 https://github.com/code-423n4/2022-11-looksrare/blob/main/contracts/LooksRareAggregator.sol#L88
Vulnerability details
Impact
The owner of the contract can broke the storage of the LooksRareAggregator contract
Proof of Concept
The
addFunction()
function - https://github.com/code-423n4/2022-11-looksrare/blob/e3b2c053f722b0ca2dce3a3eb06f64859b8b7a6f/contracts/LooksRareAggregator.sol#L132 can be called by the owner to to set proxy address and function selector for the function to be called inside this proxy. This function is dangerous because LooksRareAggregator performsdelegatecall
- https://github.com/code-423n4/2022-11-looksrare/blob/main/contracts/LooksRareAggregator.sol#L88 to that address. It is not guaranteed that those new proxies won't rewrite slots in the LooksRareAggregator storage.Recommended Mitigation Steps
Consider following well-known patterns for proxies management.