code-423n4 / 2023-01-popcorn-findings


ABI mismatch when calling initialize function #817

Closed code423n4 closed 1 year ago

code423n4 commented 1 year ago

Lines of code

https://github.com/code-423n4/2023-01-popcorn/blob/main/src/vault/VaultController.sol#L132
https://github.com/code-423n4/2023-01-popcorn/blob/main/src/vault/Vault.sol#L57

Vulnerability details

Impact

This is the initialize function of contract Vault. It has 5 parameters.

    function initialize(
        IERC20 asset_,
        IERC4626 adapter_,
        VaultFees calldata fees_,
        address feeRecipient_,
        address owner
    ) external initializer {
        // ... (function body not shown in the report)
    }

But when calling this function in VaultController, the parameter type is struct VaultInitParams. According to the Solidity docs, a struct is encoded as a tuple (https://docs.soliditylang.org/en/v0.8.17/abi-spec.html#mapping-solidity-to-abi-types). This conflicts with the function definition, which may result in memory corruption.

Proof of Concept

Tools Used

Recommended Mitigation Steps

c4-sponsor commented 1 year ago

RedVeil marked the issue as sponsor disputed

c4-judge commented 1 year ago

dmvt marked the issue as unsatisfactory: Insufficient quality
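
For reference, an added example (not part of the report or of the Popcorn code base) that applies the ABI specification's head/tail rules to the two call shapes named in the report at the top of this thread: five separate arguments versus one struct argument. It covers argument encoding only, not function selectors. It assumes VaultFees is a struct of four uint64 fields and that VaultInitParams mirrors the five initialize parameters; all addresses and values are constructed.

```python
# Added example: minimal ABI argument encoder (address, uintN, bytes, tuples).
# A tuple type is written as a Python list of member types.

def is_dynamic(t):
    if isinstance(t, list):
        return any(is_dynamic(m) for m in t)
    return t == "bytes"

def head_size(t):
    # Static tuples are encoded in place; everything else takes one 32-byte slot.
    if isinstance(t, list) and not is_dynamic(t):
        return sum(head_size(m) for m in t)
    return 32

def enc(t, v):
    if isinstance(t, list):
        return enc_tuple(t, v)
    if t == "bytes":
        return len(v).to_bytes(32, "big") + v + bytes(-len(v) % 32)
    if t == "address" or t.startswith("uint"):
        n = int(v, 16) if isinstance(v, str) else v
        return n.to_bytes(32, "big")
    raise ValueError(f"unsupported type: {t}")

def enc_tuple(types, values):
    head_len = sum(head_size(t) for t in types)
    head, tail = b"", b""
    for t, v in zip(types, values):
        if is_dynamic(t):
            # Dynamic member: head holds an offset, data goes to the tail.
            head += (head_len + len(tail)).to_bytes(32, "big")
            tail += enc(t, v)
        else:
            head += enc(t, v)
    return head + tail

def flat_vs_struct(types, values):
    """Encode members as separate arguments and as one struct argument."""
    return enc_tuple(types, values), enc_tuple([types], [values])

# Assumptions: VaultFees is four uint64 fields and VaultInitParams mirrors the
# five initialize() parameters; addresses and fee values are constructed.
FEES = ["uint64"] * 4
PARAMS = ["address", "address", FEES, "address", "address"]
VALUES = ["0x" + "11" * 20, "0x" + "22" * 20, [1, 2, 3, 4],
          "0x" + "33" * 20, "0x" + "44" * 20]

if __name__ == "__main__":
    flat, struct = flat_vs_struct(PARAMS, VALUES)
    print("static struct, same bytes:", flat == struct, len(flat))
    flat, struct = flat_vs_struct(PARAMS + ["bytes"], VALUES + [b"\x01\x02"])
    print("with a bytes member, same bytes:", flat == struct, len(flat), len(struct))
```

When every member is a static type, the struct is encoded in place and the two byte strings are identical; a dynamic member such as bytes makes the struct form start with an extra 32-byte offset word.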