GalloDaSballo
commented
1 year ago Unclear why this would be a vulnerability beside the ability of the user to send value to the wrong / malicious address
Thinking QA / Invalid
Closed code423n4 closed 1 year ago
GalloDaSballo
commented
1 year ago Unclear why this would be a vulnerability beside the ability of the user to send value to the wrong / malicious address
Thinking QA / Invalid
c4-judge
commented
1 year ago GalloDaSballo marked the issue as duplicate of #319
c4-judge
commented
1 year ago GalloDaSballo marked the issue as unsatisfactory: Invalid
Lines of code
https://github.com/code-423n4/2022-12-tigris/blob/main/contracts/Trading.sol#L583
Vulnerability details
Impact
In approveProxy() https://github.com/code-423n4/2022-12-tigris/blob/main/contracts/Trading.sol#L583 since there are no validation checks on the proxy address, it is possible the msg sender approves either a contract with no fallback or one with a malicious fallback function. The first case leads to the ETH being lost and the second case leads to the possibility for stolen ETH.
Proof of Concept
Either: 1) User sends ETH to contract without fallback function, leading to lost ETH 2) User sends ETH to contract with malicious fallback function, leading to lost ETH
Tools Used
None
Recommended Mitigation Steps
Use a whitelist for allowed proxy contracts.