code-423n4 / 2023-05-ajna-findings


Race condition vulnerability in `positionManager` minting function #458

Closed code423n4 closed 1 year ago

code423n4 commented 1 year ago

Lines of code

https://github.com/code-423n4/2023-05-ajna/blob/276942bc2f97488d07b887c8edceaaab7a5c3964/ajna-core/src/PositionManager.sol#L227-L241

Vulnerability details

Impact

A race condition vulnerability can result in the issuance of duplicate token IDs. When multiple transactions are executed in quick succession attempting to mint tokens, they may end up being assigned the same ID due to a shared counter or variable used to generate new IDs. Malicious actors can exploit this vulnerability by rapidly executing transactions to take advantage of the race condition and potentially steal assets.

Proof of Concept

    function mint(
        MintParams calldata params_
    ) external override nonReentrant returns (uint256 tokenId_) {
        tokenId_ = _nextId++;

Token ID generation relies on a counter; if multiple transactions are executed rapidly, duplicate token IDs will be issued.

https://github.com/code-423n4/2023-05-ajna/blob/276942bc2f97488d07b887c8edceaaab7a5c3964/ajna-core/src/PositionManager.sol#L227-L241

Tools Used

Manual analysis

Recommended Mitigation Steps

Implement proper synchronization techniques such as using mutex locks. Additionally, it may be advisable to use a random number generator to generate token IDs instead of relying on a shared counter.

Assessed type

Context

MikeHathaway commented 1 year ago

State changes in Ethereum are synchronous. Based upon the order in the block it will return the correct state. Non-issue.

c4-judge commented 1 year ago

Picodes marked the issue as unsatisfactory: Invalid
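The sponsor's point above can be checked directly: the EVM executes the transactions of a block strictly one after another, so a storage read-then-increment like `_nextId++` completes within one transaction before the next one starts, and no two minters can observe the same counter value. The following Foundry test is an added example written for this page, not Ajna's code or the original report's; `CounterMinter` is a hypothetical stand-in that reproduces only the counter pattern the report flags.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.18;

import "forge-std/Test.sol";

// Hypothetical minimal contract using the same counter pattern as the
// report's snippet (tokenId_ = _nextId++). Not the Ajna PositionManager.
contract CounterMinter {
    uint256 private _nextId = 1;
    mapping(uint256 => address) public ownerOf;

    function mint() external returns (uint256 tokenId_) {
        // Read-then-increment executes inside a single transaction; no other
        // transaction can observe _nextId between the read and the write.
        tokenId_ = _nextId++;
        ownerOf[tokenId_] = msg.sender;
    }
}

contract CounterMinterTest is Test {
    CounterMinter internal minter;

    function setUp() public {
        minter = new CounterMinter();
    }

    // Many distinct senders "racing" to mint: the EVM orders their
    // transactions within the block, so each read sees the previous
    // increment and every issued ID is unique.
    function testNoDuplicateIdsUnderContention() public {
        uint256 n = 50;
        uint256[] memory ids = new uint256[](n);
        for (uint256 i = 0; i < n; i++) {
            address sender = address(uint160(0x1000 + i)); // constructed addresses
            vm.prank(sender);
            ids[i] = minter.mint();
            assertEq(minter.ownerOf(ids[i]), sender);
        }
        // Pairwise uniqueness check; quadratic is fine at this size.
        for (uint256 i = 0; i < n; i++) {
            for (uint256 j = i + 1; j < n; j++) {
                assertTrue(ids[i] != ids[j], "duplicate tokenId");
            }
        }
        // A sequential counter yields exactly 1..n with no gaps or repeats.
        assertEq(ids[0], 1);
        assertEq(ids[n - 1], n);
    }
}
```

Run with `forge test` in a Foundry project that has `forge-std` installed; the test passes because duplicate IDs would require two transactions to interleave mid-execution, which the EVM does not permit.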