Closed code423n4 closed 1 year ago
Anyone can perform the call, they are authorized because the signature allows them to
If they send value, they are paying on the signer == sender
behalf
This looks off
GalloDaSballo marked the issue as unsatisfactory: Insufficient proof
Lines of code
https://github.com/code-423n4/2023-01-drips/blob/main/src/Caller.sol#L164-L183
Vulnerability details
Impact
The function of the callsigned() function is
Makes a call on behalf of the sender.
But it does not check the direct relationship between msg.sender and the sender, and the attacker can preempt the user to call.Proof of Concept
Utilization scenario: When a user calls callsigned(), but suddenly wants to cancel it. But an attacker can monitor this operation. Executed successfully for the user
Tools Used
vscode
Recommended Mitigation Steps
Check the relationship between msg.sender and sender