search

code-423n4 / 2023-01-popcorn-findings

0 stars 0 forks source link

Missing owner check in function addTemplate in DeploymentController #790

Closed code423n4 closed 1 year ago

code423n4 commented 1 year ago

Lines of code

https://github.com/code-423n4/2023-01-popcorn/blob/main/src/vault/DeploymentController.sol#L66

Vulnerability details

Impact

Attacker can add malicous Vaults/Adatpors/Strategies template to TemplateRegistry. Attack can frontrun operator's transaction with the same templateCategory and templateId, but with a malicious Vault/Adatpor/Strategy template. If the operator does not notice his failed tx, the attacker's template may futher be actived/endorsed by operator carelessly.

Proof of Concept

As stated in the Impact.

Tools Used

Recommended Mitigation Steps

Add onlyOwner to addTemplate in DeploymentController

c4-sponsor commented 1 year ago

RedVeil marked the issue as sponsor disputed

c4-judge commented 1 year ago

dmvt marked the issue as unsatisfactory: Overinflated severity

dmvt commented 1 year ago

Warden does not show a proof of concept. Frontrunning is part of operating on a blockchain. Working as designed.