code-423n4 / 2022-11-paraspace-findings


Reentrancy Attack #162

Closed code423n4 closed 1 year ago

code423n4 commented 1 year ago

Lines of code

https://github.com/code-423n4/2022-11-paraspace/blob/c6820a279c64a299a783955749fdc977de8f0449/paraspace-core/contracts/misc/marketplaces/LooksRareAdapter.sol#L73-L94

Vulnerability details

Impact

The matchAskWithTakerBid() function is vulnerable to a reentrancy attack, as it calls external functions that can be manipulated to cause the function to re-enter itself, allowing the attacker to drain the contract of ether or other assets before the transaction is completed.

Proof of Concept

  1. An attacker could call the matchAskWithTakerBid function multiple times to exploit the reentrancy vulnerability and withdraw multiple amounts of ETH and other assets. https://gist.github.com/BadGenius22/27fbf029df29949b3160644df5b6038f

Tools Used

Slither, Echidna, Manticore, MythX, Foundry Fuzz Testing, and Mythril.

Recommended Mitigation Steps

Recommended solution code in Solidity to fix the bug: add a require statement to check that the calling address is the same as the sender address of the transaction. This will prevent an attacker from calling the function multiple times.

Solution code: require(msg.sender == address(this));

dmvt commented 1 year ago

No exploit shown. External call is at the end of the function.

c4-judge commented 1 year ago

dmvt marked the issue as unsatisfactory: Insufficient proof
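The two reentrancy defences referenced in this thread, the submission's call to guard the function and the judge's observation that the external call already sits at the end of the function (the checks-effects-interactions ordering), are illustrated below in an added example. This is not ParaSpace or LooksRare code and does not model the real matchAskWithTakerBid() adapter; the contract, its `credits` mapping and the `settle()` function are invented for illustration. It uses a status-flag guard (the pattern behind OpenZeppelin's ReentrancyGuard) so that ordinary external callers are still admitted while a nested call during settlement reverts, and it updates state before making the external transfer.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.17;

/// Added example (not project code): a minimal settlement contract showing
/// (1) a reentrancy guard and (2) checks-effects-interactions ordering.
contract ReentrancySafeSettlement {
    uint256 private constant NOT_ENTERED = 1;
    uint256 private constant ENTERED = 2;
    uint256 private status = NOT_ENTERED;

    // Hypothetical bookkeeping: ETH credited to each depositor.
    mapping(address => uint256) public credits;

    event Settled(address indexed buyer, address indexed seller, uint256 amount);

    /// Reentrancy guard: any call that arrives while `status == ENTERED`
    /// (i.e. from inside the external call below) reverts. Legitimate
    /// top-level callers are unaffected, unlike a caller-address check.
    modifier nonReentrant() {
        require(status != ENTERED, "reentrant call");
        status = ENTERED;
        _;
        status = NOT_ENTERED;
    }

    function deposit() external payable {
        credits[msg.sender] += msg.value;
    }

    /// Pays `amount` of the caller's credit to `seller`.
    function settle(address payable seller, uint256 amount) external nonReentrant {
        // Checks: validate inputs and balances first.
        require(seller != address(0), "zero seller");
        require(amount > 0, "zero amount");
        require(credits[msg.sender] >= amount, "insufficient credit");

        // Effects: debit the credit before any external interaction, so a
        // re-entering call (even without the guard) sees the reduced balance.
        credits[msg.sender] -= amount;
        emit Settled(msg.sender, seller, amount);

        // Interactions: the external call is the last operation.
        (bool ok, ) = seller.call{value: amount}("");
        require(ok, "transfer failed");
    }
}
```

When reviewing a finding like this one, the check a practitioner makes is exactly the judge's: locate every external call in the function, confirm that all state writes precede it, and, if the function is guarded, that the guard covers every entry point that shares the affected state. Only if an external call is followed by a state write (or by a read the function later trusts) does a reentrancy claim need a proof-of-concept to be taken further.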