code-423n4 / 2023-06-lukso-findings


incorrect-equality which can lead to a potential manipulation and subsequently reentrancy. #68

Closed code423n4 closed 1 year ago

code423n4 commented 1 year ago

Lines of code

https://github.com/code-423n4/2023-06-lukso/contracts/LSP1UniversalReceiver/LSP1UniversalReceiverDelegateUP/LSP1UniversalReceiverDelegateUP.sol#L136-L176

Vulnerability details

Impact

The potential vulnerability in the _whenReceiving() function lies in the strict equality check balance == 0 within the condition if (balance == 0) return "LSP1: balance not updated";. This condition assumes that if the balance is not zero, the keys should not be updated. However, this assumption can be consequential. If the contract implementing the ILSP7DigitalAsset interface does not correctly update the balance when tokens are transferred, the condition balance == 0 may incorrectly evaluate to true. Hence, an attacker could exploit this vulnerability by manipulating the balance update process of the token contract, causing the balance to be incorrect or, worse, potential reentry.

Proof of Concept

https://github.com/code-423n4/2023-06-lukso/contracts/LSP1UniversalReceiver/LSP1UniversalReceiverDelegateUP/LSP1UniversalReceiverDelegateUP.sol#L170

Tools Used

Manual analysis

Recommended Mitigation Steps

To mitigate this vulnerability, it is crucial to ensure that the balance update mechanism in the ILSP7DigitalAsset contract is implemented correctly and consistently reflects the actual balance of the sender.

Assessed type

Reentrancy
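The check the report quotes can be exercised end to end in a toy setting. The following is an added example written for this page, not code from the LUKSO repository or from the submitter: ToyReceiverDelegate, HonestToken, LateUpdateToken, Demo and the `registered` mapping are all hypothetical stand-ins for the LSP1 delegate, an LSP7 token and the ERC725Y map key. It reproduces the shape of the guard (the delegate asks the notifying token for balanceOf(receiver) and returns early on zero) and runs it once against a token that updates its balance before notifying and once against a token that notifies first, so the reader can see exactly which state the early return touches.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.17;

// Constructed example; not LSP1UniversalReceiverDelegateUP and not an LSP7 token.

interface IBalanceOf {
    function balanceOf(address account) external view returns (uint256);
}

/// Hypothetical stand-in for the universal receiver delegate.
/// `registered` plays the role of the ERC725Y asset-map key that the
/// real delegate writes when a new asset arrives.
contract ToyReceiverDelegate {
    mapping(address => bool) public registered;

    event Registered(address indexed asset);

    /// @param notifier the token contract claiming it just transferred to `receiver`
    /// @param receiver the account whose balance is being checked
    function whenReceiving(address notifier, address receiver) external returns (string memory) {
        if (registered[notifier]) return "LSP1: asset already registered";

        // The guard under discussion: the delegate trusts the notifier's own balanceOf.
        // A zero result only causes this early return; no delegate state is written.
        uint256 balance = IBalanceOf(notifier).balanceOf(receiver);
        if (balance == 0) return "LSP1: balance not updated";

        registered[notifier] = true;
        emit Registered(notifier);
        return "";
    }
}

/// Token that updates its balance before notifying (the expected ordering).
contract HonestToken {
    mapping(address => uint256) public balanceOf;
    ToyReceiverDelegate immutable delegate;

    constructor(ToyReceiverDelegate d) { delegate = d; }

    function mint(address to, uint256 amount) external returns (string memory) {
        balanceOf[to] += amount;                              // state first
        return delegate.whenReceiving(address(this), to);     // then notify
    }
}

/// Token that notifies before updating its balance: the "incorrect balance
/// update" scenario the report describes. The delegate reads zero and
/// declines to register the asset; nothing else happens.
contract LateUpdateToken {
    mapping(address => uint256) public balanceOf;
    ToyReceiverDelegate immutable delegate;

    constructor(ToyReceiverDelegate d) { delegate = d; }

    function mint(address to, uint256 amount) external returns (string memory) {
        string memory r = delegate.whenReceiving(address(this), to); // notify too early
        balanceOf[to] += amount;
        return r;                                                   // "LSP1: balance not updated"
    }
}

/// Runs both scenarios in a single call so the outcome is visible in any EVM.
contract Demo {
    function run()
        external
        returns (string memory honest, string memory late, bool honestRegistered, bool lateRegistered)
    {
        ToyReceiverDelegate d = new ToyReceiverDelegate();
        HonestToken h = new HonestToken(d);
        LateUpdateToken l = new LateUpdateToken(d);

        honest = h.mint(address(this), 1);            // ""  (registered)
        late = l.mint(address(this), 1);              // "LSP1: balance not updated"
        honestRegistered = d.registered(address(h));  // true
        lateRegistered = d.registered(address(l));    // false
    }
}
```

Deploy Demo and call run() in any EVM sandbox (Remix, Foundry's cast, a Hardhat script). The honest token ends up registered; the late-updating token gets the "LSP1: balance not updated" string back and is simply not registered. In this toy, the only caller that can influence the outcome is the token being registered, and the only effect of a false zero is that its own key is skipped; the example does not model any path by which the early return itself re-enters the caller.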

c4-pre-sort commented 1 year ago

minhquanym marked the issue as primary issue

c4-pre-sort commented 1 year ago

minhquanym marked the issue as low quality report

minhquanym commented 1 year ago

Spam

c4-judge commented 1 year ago

trust1995 marked the issue as unsatisfactory: Invalid