Closed code423n4 closed 1 year ago
https://github.com/code-423n4/2023-06-lukso/blob/bd49f57c32a522563fc42feeee23c83c8b373405/contracts/LSP6KeyManager/LSP6KeyManagerCore.sol#L338 https://github.com/code-423n4/2023-06-lukso/blob/bd49f57c32a522563fc42feeee23c83c8b373405/contracts/LSP6KeyManager/LSP6KeyManagerCore.sol#L404
After LSP6KeyManagerCore._execute or LSP6KeyManagerCore._executeRelayCall is executed, non-isSetData methods that call these two methods without re-entry permission cannot be called normally
https://github.com/code-423n4/2023-06-lukso/blob/bd49f57c32a522563fc42feeee23c83c8b373405/contracts/LSP6KeyManager/LSP6KeyManagerCore.sol#L338
https://github.com/code-423n4/2023-06-lukso/blob/bd49f57c32a522563fc42feeee23c83c8b373405/contracts/LSP6KeyManager/LSP6KeyManagerCore.sol#L404
manual review
If (!isReentrantCall && !isSetData) is changed to if (isReentrantCall && !isSetData)
Error
Withdrawn by wangxx2026
code423n4
commented
1 year ago
Lines of code
https://github.com/code-423n4/2023-06-lukso/blob/bd49f57c32a522563fc42feeee23c83c8b373405/contracts/LSP6KeyManager/LSP6KeyManagerCore.sol#L338 https://github.com/code-423n4/2023-06-lukso/blob/bd49f57c32a522563fc42feeee23c83c8b373405/contracts/LSP6KeyManager/LSP6KeyManagerCore.sol#L404
Vulnerability details
Impact
After LSP6KeyManagerCore._execute or LSP6KeyManagerCore._executeRelayCall is executed, non-isSetData methods that call these two methods without re-entry permission cannot be called normally
Proof of Concept
https://github.com/code-423n4/2023-06-lukso/blob/bd49f57c32a522563fc42feeee23c83c8b373405/contracts/LSP6KeyManager/LSP6KeyManagerCore.sol#L338
https://github.com/code-423n4/2023-06-lukso/blob/bd49f57c32a522563fc42feeee23c83c8b373405/contracts/LSP6KeyManager/LSP6KeyManagerCore.sol#L404
Tools Used
manual review
Recommended Mitigation Steps
If (!isReentrantCall && !isSetData) is changed to if (isReentrantCall && !isSetData)
Assessed type
Error