code-423n4 / 2022-11-size-findings


Risk of information leakage due to bid with plain quote amount as input parameter #103

Open code423n4 opened 2 years ago

code423n4 commented 2 years ago

Lines of code

https://github.com/code-423n4/2022-11-size/blob/706a77e585d0852eae6ba0dca73dc73eb37f8fb6/src/SizeSealed.sol#L124

Vulnerability details

Impact

There is a high risk of information leakage due to bidding with the plain quote amount as an input parameter.

Proof of Concept

People are always used to entering neat data; for example, the probability of entering 1.2 is much greater than that of something like 1.279.

So, let's say the base token is ETH and the market price is 1560 USDT/ETH. If a bidder submits a quote amount of $310, I can guess that he/she wants to buy 0.2 ETH at a price of 1550 USDT/ETH.

https://github.com/code-423n4/2022-11-size/blob/706a77e585d0852eae6ba0dca73dc73eb37f8fb6/src/SizeSealed.sol#L124

Tools Used

VS Code

Recommended Mitigation Steps

Use 'maxQuoteAmount' instead of exact 'quoteAmount' and input 'quoteAmount' as an encrypted parameter. The calculation of 'maxQuoteAmount' can look like this:

r = randInt(1, 2000)
maxQuoteAmount = quoteAmount * (10000 + r) / 10000
divider = 1
while (true) {
    divider *= 10
    next = maxQuoteAmount - (maxQuoteAmount % divider)
    if (next < quoteAmount) {
        break;
    }
    maxQuoteAmount = next
}
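
The padding routine from the mitigation above, as an added JavaScript example that is not part of the original report or the Size code base. It assumes `randInt(1, 2000)` is inclusive and that quote amounts are integers in 6-decimal units; `padQuote`, `randomPad` and `exactLeakCount` are hypothetical names, and the last one counts how many pads still publish the exact amount.

```javascript
// Added example: the report's pseudocode on integer (BigInt) token units.
// Assumption: randInt(1, 2000) is inclusive, i.e. a pad of 0.01% to 20%.
const MAX_PAD = 2000n;

// Pad quoteAmount by r/10000, then strip low-order digits while the
// result stays >= quoteAmount, so the public value looks "neat".
function padQuote(quoteAmount, r) {
  // The original loop never terminates for quoteAmount == 0.
  if (quoteAmount <= 0n) throw new RangeError("quoteAmount must be > 0");
  if (r < 1n || r > MAX_PAD) throw new RangeError("r out of range");
  let maxQuoteAmount = (quoteAmount * (10000n + r)) / 10000n;
  let divider = 1n;
  for (;;) {
    divider *= 10n;
    const next = maxQuoteAmount - (maxQuoteAmount % divider);
    if (next < quoteAmount) break;
    maxQuoteAmount = next;
  }
  return maxQuoteAmount;
}

// Unbiased r in [1, 2000] from the Web Crypto CSPRNG (rejection sampling).
function randomPad() {
  const limit = 0x100000000 - (0x100000000 % 2000);
  const buf = new Uint32Array(1);
  do { crypto.getRandomValues(buf); } while (buf[0] >= limit);
  return BigInt(buf[0] % 2000) + 1n;
}

// How many of the 2000 possible pads still publish the exact quoteAmount?
function exactLeakCount(quoteAmount) {
  let count = 0;
  for (let r = 1n; r <= MAX_PAD; r++) {
    if (padQuote(quoteAmount, r) === quoteAmount) count++;
  }
  return count;
}

// Constructed input: the report's $310 bid, assuming 6-decimal quote units.
const quote = 310000000n;
console.log(padQuote(quote, 1234n)); // 340000000n
console.log(exactLeakCount(quote)); // 322
```

For this neat input, 322 of the 2000 pads round back down to 310000000 itself, and every other outcome is a multiple of 10000000 between 320000000 and 370000000.
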

trust1995 commented 2 years ago

Speculative, believe High risk is overly inflated.

0xean commented 2 years ago

agree, probably best as QA.

c4-judge commented 2 years ago

0xean changed the severity to QA (Quality Assurance)

c4-judge commented 2 years ago

0xean marked the issue as grade-c

c4-judge commented 2 years ago

0xean marked the issue as grade-b