Closed code423n4 closed 1 year ago
Lines of code
https://github.com/code-423n4/2023-06-lukso/blob/9dbc96410b3052fc0fd9d423249d1fa42958cae8/contracts/LSP17ContractExtension/LSP17Extension.sol#L32
https://github.com/code-423n4/2023-06-lukso/blob/9dbc96410b3052fc0fd9d423249d1fa42958cae8/contracts/LSP17ContractExtension/LSP17Extension.sol#L38
Vulnerability details
Impact
In _extendableMsgData() of LSP17Extension.sol there is an arithmetic calculation:
    msg.data[:msg.data.length - 52];
msg.data.length may be smaller than 52 in some instances. This can cause reverts in Solidity.
Proof of Concept
    function _extendableMsgData() internal view virtual returns (bytes calldata) {
        return msg.data[:msg.data.length - 52];
    }
https://github.com/code-423n4/2023-06-lukso/blob/9dbc96410b3052fc0fd9d423249d1fa42958cae8/contracts/LSP17ContractExtension/LSP17Extension.sol#L32-L39
Tools Used
VS CODE
Recommended Mitigation Steps
ADD CHECKS FOR MSG.DATA.LENGTH > 52 before the arithmetic
Assessed type
Math
minhquanym marked the issue as low quality report
Insufficient proof
minhquanym marked the issue as primary issue
trust1995 marked the issue as unsatisfactory: Insufficient proof
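The length check recommended in the report, placed next to the unguarded slice, as an added example that is not part of the original issue or of the LUKSO code base. It assumes Solidity 0.8.4 or later; the contract, error, constant and function names are hypothetical.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.4;

// Added illustration, not LUKSO code. All names in this contract are hypothetical.
contract MsgDataGuardExample {
    // Number of trailing bytes stripped by the slice quoted in the report.
    uint256 private constant APPENDED_LENGTH = 52;

    error CalldataTooShort(uint256 actual, uint256 minimum);

    // Slice as quoted in the report. Under Solidity 0.8 checked arithmetic,
    // calldata shorter than 52 bytes makes the subtraction revert with
    // Panic(0x11) before the slice is evaluated.
    function _unguardedMsgData() internal view returns (bytes calldata) {
        return msg.data[:msg.data.length - 52];
    }

    // Same slice behind an explicit length check. Short calldata still
    // reverts, but with an error that reports the lengths involved.
    // Calldata of exactly 52 bytes passes the check and yields an empty slice.
    function _guardedMsgData() internal view returns (bytes calldata) {
        if (msg.data.length < APPENDED_LENGTH) {
            revert CalldataTooShort(msg.data.length, APPENDED_LENGTH);
        }
        return msg.data[:msg.data.length - APPENDED_LENGTH];
    }

    // External entry points so each variant can be called with calldata of
    // different lengths: the bare 4-byte selector, or the selector followed
    // by 52 or more extra bytes.
    function unguarded() external view returns (bytes memory) {
        return _unguardedMsgData();
    }

    function guarded() external view returns (bytes memory) {
        return _guardedMsgData();
    }
}
```

Solidity does not reject trailing calldata beyond a function's declared arguments, so both entry points accept a call whose selector is followed by extra bytes.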