if (value > MAX_MSG_VALUE) {
    // The if above should never be true, since no one should be able to have
    // MAX_MSG_VALUE wei of ether. However, if it does happen for some reason,
    // we will revert(0,0).
    // Note, that we use raw revert here instead of `panic` to emulate behaviour close to
    // the EVM's one, i.e. returndata should be empty.
    assembly {
        return(0, 0)
    }
}
The comments do not match the implementation as well.
Tools Used
Manual Review
Recommended Mitigation Steps
Just implement it the way that is described in the comments.
Lines of code
https://github.com/code-423n4/2023-03-zksync/blob/main/contracts/MsgValueSimulator.sol#L55
Vulnerability details
Impact
This makes it theoretically possible for a user to send more than MAX_MSG_VALUE.
Proof of Concept
https://github.com/code-423n4/2023-03-zksync/blob/main/contracts/MsgValueSimulator.sol#L55
The comments do not match the implementation as well.
Tools Used
Manual Review
Recommended Mitigation Steps
Just implement it the way that is described in the comments.
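
The difference between the two opcodes, as seen by a caller, in an added example that is not code from the zkSync repository or from the report: both variants produce empty returndata, but only `revert(0, 0)` makes the call fail. The contract names, the `probe` helper and `EXAMPLE_MAX_VALUE` are constructed for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Constructed stand-in for MAX_MSG_VALUE; not the real limit.
uint256 constant EXAMPLE_MAX_VALUE = 1000;

// Guard written the way the snippet above is implemented.
contract GuardWithReturn {
    function check(uint256 value) external pure {
        if (value > EXAMPLE_MAX_VALUE) {
            // Halts execution and reports SUCCESS with empty returndata.
            assembly {
                return(0, 0)
            }
        }
    }
}

// Guard written the way the comment describes.
contract GuardWithRevert {
    function check(uint256 value) external pure {
        if (value > EXAMPLE_MAX_VALUE) {
            // Halts execution and reports FAILURE with empty returndata.
            assembly {
                revert(0, 0)
            }
        }
    }
}

// Hypothetical caller that records what each guard reports for an
// over-limit value.
contract Observer {
    function probe(address guard) external returns (bool ok, uint256 len) {
        (bool success, bytes memory data) = guard.call(
            abi.encodeWithSignature("check(uint256)", EXAMPLE_MAX_VALUE + 1)
        );
        return (success, data.length);
    }
}
```

Calling `probe` against `GuardWithReturn` yields `ok == true`, so the caller cannot tell that the limit check fired; against `GuardWithRevert` it yields `ok == false`. In both cases `len` is 0.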