Closed code423n4 closed 1 year ago
Picodes marked the issue as unsatisfactory: Insufficient quality
Lines of code
https://github.com/prepo-io/prepo-monorepo/blob/3541bc704ab185a969f300e96e2f744a572a3640/packages/prepo-shared-contracts/contracts/TokenSenderCaller.sol#L9
Vulnerability details
Impact
I can read the private token variable's value from an attack Solidity file.
The private variable that is read is on line 9.
Proof of Concept
PoC results of reading the private variable (screen dump): https://github.com/gbadebosmith/ouch/blob/main/PrivateDataReadFromTokenSenderOfContractScreenshot.jpg
PoC attack code to read the private variable: https://github.com/gbadebosmith/ouch/blob/main/AttackTokenSenderCaller.sol
Tools Used
Remix IDE
Recommended Mitigation Steps