code-423n4 / 2023-06-lukso-findings


possible revert due to improper subtraction in _extendableMsgData() of LSP17Extension.sol #129

Closed code423n4 closed 1 year ago

code423n4 commented 1 year ago

Lines of code

https://github.com/code-423n4/2023-06-lukso/blob/9dbc96410b3052fc0fd9d423249d1fa42958cae8/contracts/LSP17ContractExtension/LSP17Extension.sol#L32
https://github.com/code-423n4/2023-06-lukso/blob/9dbc96410b3052fc0fd9d423249d1fa42958cae8/contracts/LSP17ContractExtension/LSP17Extension.sol#L38

Vulnerability details

Impact

In _extendableMsgData() of LSP17Extension.sol there is an arithmetic calculation:

msg.data[:msg.data.length - 52];

msg.data.length may be smaller than 52 in some instances. This can cause reverts in Solidity.

Proof of Concept

    // The checked subtraction below reverts (arithmetic underflow panic)
    // whenever msg.data.length < 52, before any slicing takes place.
    function _extendableMsgData()
        internal
        view
        virtual
        returns (bytes calldata)
    {
        return msg.data[:msg.data.length - 52];
    }

https://github.com/code-423n4/2023-06-lukso/blob/9dbc96410b3052fc0fd9d423249d1fa42958cae8/contracts/LSP17ContractExtension/LSP17Extension.sol#L32-L39

Tools Used

VS Code

Recommended Mitigation Steps

Add checks for msg.data.length > 52 before the arithmetic.

Assessed type

Math
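As an added illustration (not LUKSO's code and not part of the warden's submission), the contracts below reproduce the reported subtraction beside a guarded variant and let a probe call each with calldata of a chosen length. The contract names, the `CalldataTooShort` error and the assumption that the 52 bytes are the LSP17 suffix (20-byte original caller followed by a 32-byte value) are mine.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Demonstration only, not LUKSO's code. Assumes the 52 bytes are the suffix that
// an LSP17 extendable contract appends to forwarded calldata (caller + value).
contract ExtensionSliceDemo {
    uint256 internal constant SUFFIX_LENGTH = 52;

    error CalldataTooShort(uint256 length, uint256 required);

    // Same arithmetic as the reported line: when msg.data.length < 52 the checked
    // subtraction underflows and reverts with Panic(0x11) before any slicing.
    function unguarded() external view returns (bytes calldata) {
        return msg.data[:msg.data.length - SUFFIX_LENGTH];
    }

    // Hardened variant: fail early with a descriptive custom error instead of a panic.
    function guarded() external view returns (bytes calldata) {
        if (msg.data.length < SUFFIX_LENGTH) {
            revert CalldataTooShort(msg.data.length, SUFFIX_LENGTH);
        }
        return msg.data[:msg.data.length - SUFFIX_LENGTH];
    }
}

// Drives both variants with calldata of a chosen size so the revert can be observed.
contract SliceProbe {
    ExtensionSliceDemo public demo = new ExtensionSliceDemo();

    // Low-level call with `extraLen` zero bytes after the 4-byte selector,
    // so the callee sees msg.data.length == 4 + extraLen.
    function callWithLength(bytes4 selector, uint256 extraLen)
        internal
        returns (bool ok, bytes memory ret)
    {
        (ok, ret) = address(demo).call(abi.encodePacked(selector, new bytes(extraLen)));
    }

    // extraLen = 10 (14 bytes total): unguarded reverts with Panic(0x11), guarded with
    // CalldataTooShort(14, 52). extraLen = 100 (104 bytes): both succeed and guardedReturn
    // holds the first 52 bytes of calldata (selector + 48 zero bytes).
    function probe(uint256 extraLen)
        external
        returns (bool unguardedOk, bool guardedOk, bytes memory guardedReturn)
    {
        (unguardedOk, ) = callWithLength(ExtensionSliceDemo.unguarded.selector, extraLen);
        bytes memory ret;
        (guardedOk, ret) = callWithLength(ExtensionSliceDemo.guarded.selector, extraLen);
        if (guardedOk) guardedReturn = abi.decode(ret, (bytes));
    }
}
```

Deploy `SliceProbe` and call `probe(10)` then `probe(100)` to see the short-calldata revert and the normal path side by side.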

c4-pre-sort commented 1 year ago

minhquanym marked the issue as low quality report

minhquanym commented 1 year ago

Insufficient proof

c4-pre-sort commented 1 year ago

minhquanym marked the issue as primary issue

c4-judge commented 1 year ago

trust1995 marked the issue as unsatisfactory: Insufficient proof