code-423n4 / 2022-12-tigris-findings


Exploit of lock function #358

Closed code423n4 closed 1 year ago

code423n4 commented 1 year ago

Lines of code

https://github.com/code-423n4/2022-12-tigris/blob/588c84b7bb354d20cbca6034544c4faa46e6a80e/contracts/BondNFT.sol#L1-L383

Vulnerability details

Impact

One potential exploit that could attack this code is by exploiting the "extendLock" function. This function allows the manager contract to extend the lock period and/or amount of a bond, and it does not include any checks to ensure that the new lock period and/or amount are valid. This means that an attacker could potentially call this function with maliciously large values for the "period" and "amount" parameters, which could lead to the bond being locked for an arbitrarily large amount of time and/or an arbitrarily large amount of tigAsset being locked.

Proof of Concept

```solidity
function exploit() public {
    // Replace "bondNFT" with the address of the BondNFT contract
    BondNFT bondNFT = BondNFT(0x12345678);

    // Replace "id" with the ID of the bond to be exploited
    uint id = 1;

    // Replace "asset" with the address of the tigAsset token being locked
    address asset = 0x98765432;

    // Replace "manager" with the address of the manager contract
    address manager = 0xabcdef01;

    // Replace "sender" with the address of the account calling the exploit
    address sender = msg.sender;

    // Set "amount" and "period" to arbitrarily large values
    // (type(uint).max is the Solidity 0.8 spelling of uint(-1))
    uint amount = type(uint).max;
    uint period = type(uint).max;

    // Call the "extendLock" function with the maliciously large values
    bondNFT.extendLock(id, asset, amount, period, sender);
}
```

This exploit could potentially result in the bond being locked for an indefinitely long period of time, effectively rendering the tigAsset locked and unavailable to the owner of the bond. This could have significant consequences, depending on the value and importance of the tigAsset being locked.

Tools Used

slither, chat.openai.com, Remix IDE

GalloDaSballo commented 1 year ago

At least you were honest.

The finding does nothing though; it will revert because you don't have enough funds.

c4-judge commented 1 year ago

GalloDaSballo marked the issue as unsatisfactory: Invalid
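An added illustration of the two points raised in this thread (not code from the Tigris repository or from any commenter): a simplified Python model showing why the proof of concept reverts, both because the function is described as callable by the manager contract and because the caller lacks the funds. It assumes the manager pulls the extra tokens from the user before extending the bond; all class and function names are hypothetical.

```python
# Simplified model (constructed for illustration; not the Tigris contracts).
MAX_UINT = 2**256 - 1

class Revert(Exception):
    """Stands in for an EVM revert."""

class Token:
    """Minimal ERC-20-style ledger: transfer_from needs balance and allowance."""
    def __init__(self):
        self.balances, self.allowances = {}, {}

    def transfer_from(self, spender, owner, to, amount):
        if self.balances.get(owner, 0) < amount:
            raise Revert("insufficient balance")
        if self.allowances.get((owner, spender), 0) < amount:
            raise Revert("insufficient allowance")
        self.balances[owner] -= amount
        self.allowances[(owner, spender)] -= amount
        self.balances[to] = self.balances.get(to, 0) + amount

class Bond:
    """Bond ledger whose extend_lock only accepts calls from the manager."""
    def __init__(self, manager):
        self.manager, self.locks = manager, {}

    def extend_lock(self, caller, bond_id, amount, period):
        if caller != self.manager:
            raise Revert("not manager")
        cur_amount, cur_period = self.locks.get(bond_id, (0, 0))
        self.locks[bond_id] = (cur_amount + amount, cur_period + period)

class Manager:
    """Assumed manager: pulls the extra tokens from the user before extending."""
    def __init__(self, token):
        self.token, self.bond = token, Bond(manager=self)

    def extend_lock(self, user, bond_id, amount, period):
        self.token.transfer_from(self, user, self, amount)  # reverts if unfunded
        self.bond.extend_lock(self, bond_id, amount, period)

def attempt(call, *args):
    """Run a call and report the revert reason, or 'ok' if it succeeded."""
    try:
        call(*args)
        return "ok"
    except Revert as exc:
        return str(exc)
```

In this model a direct call to the bond ledger fails the caller check, and a call through the manager with the maximum amount fails in the token transfer before any lock state changes.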