Open code423n4 opened 1 year ago
berndartmueller marked the issue as primary issue
stevennevins marked the issue as disagree with severity
Marking as medium, because funds are not directly at risk, but this is a good point for us to keep in mind.
berndartmueller changed the severity to 2 (Med Risk)
berndartmueller marked the issue as selected for report
Lines of code
https://github.com/code-423n4/2022-12-escher/blob/5d8be6aa0e8634fdb2f328b99076b0d05fefab73/src/minters/FixedPriceFactory.sol#L29
https://github.com/code-423n4/2022-12-escher/blob/5d8be6aa0e8634fdb2f328b99076b0d05fefab73/src/minters/LPDAFactory.sol#L29
https://github.com/code-423n4/2022-12-escher/blob/5d8be6aa0e8634fdb2f328b99076b0d05fefab73/src/minters/OpenEditionFactory.sol#L29
Vulnerability details
Impact
For all kinds of sales, the creators create new sales contracts with arbitrary sale data, and the edition is not properly checked. Malicious creators can create fake contracts that implement IEscher721 and fake buyers to get free earnings.
Proof of Concept
Sales contracts can be created by any creator and the sale data is filled with the one provided by the creator. The protocol does not validate the sale.edition provided by the creator, and malicious creators can effectively use their fake contract address that implements IEscher721. In the worst case, buyers will not get anything after their payments.
Malicious creators can use a fake contract as an edition to steal funds from users.
Tool used
Manual Review
Recommended Mitigation Steps
Track all the deployed Escher721 contracts in the Escher721Factory.sol and validate the sale.edition before creating sales contracts.
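A sketch of the recommended mitigation, added here as an example and not taken from the Escher repository or from the report. Edition, EditionFactory, SaleFactory, isDeployedEdition and createSale are hypothetical, simplified stand-ins for Escher721, Escher721Factory and the three sale factories.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.17;

// Added illustration: simplified stand-ins, not the Escher contracts.

/// Stand-in for an edition contract (the real Escher721 is an ERC-721).
contract Edition {
    address public immutable creator;
    constructor(address _creator) { creator = _creator; }
}

/// Stand-in for Escher721Factory: records every edition it deploys.
contract EditionFactory {
    mapping(address => bool) public isDeployedEdition; // hypothetical registry

    event EditionCreated(address indexed edition, address indexed creator);

    function createEdition() external returns (address edition) {
        edition = address(new Edition(msg.sender));
        isDeployedEdition[edition] = true; // only this factory can set the flag
        emit EditionCreated(edition, msg.sender);
    }
}

/// Stand-in for a sale factory (fixed price, LPDA, open edition).
contract SaleFactory {
    struct Sale { address edition; uint96 price; uint64 startTime; }

    EditionFactory public immutable editionFactory;
    mapping(uint256 => Sale) public sales;
    uint256 public saleCount;

    error UnknownEdition(address edition);
    error NotEditionCreator(address caller);

    constructor(EditionFactory _editionFactory) { editionFactory = _editionFactory; }

    function createSale(Sale calldata sale) external returns (uint256 id) {
        // Provenance check first: reject any address the trusted factory did
        // not deploy, so a look-alike interface implementation cannot back a sale.
        if (!editionFactory.isDeployedEdition(sale.edition)) revert UnknownEdition(sale.edition);
        // Only now call into the edition: its code is known, so its answer can be trusted.
        if (Edition(sale.edition).creator() != msg.sender) revert NotEditionCreator(msg.sender);
        id = saleCount++;
        sales[id] = sale;
    }
}
```

The order of the two checks matters: any authorization query made against sale.edition before the registry lookup is answered by code the caller controls.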