Closed code423n4 closed 1 year ago
no loss
at most QA
141345 marked the issue as low quality report
141345 marked the issue as remove high or low quality report
donosonaumczuk marked the issue as sponsor disputed
Balance remains the same:

```solidity
unchecked {
    --_balances[from]; // Decreases...
    ++_balances[to]; // ...and Increases :)
}
```
Nothing of what is stated is valid. I wouldn't even mark this as QA; not even OpenZeppelin (the industry standard in terms of security) is checking for it, so self-transfers are allowed.
Picodes marked the issue as unsatisfactory: Invalid
I do agree with @donosonaumczuk on this one
Lines of code
https://github.com/code-423n4/2023-07-lens/blob/cdef6ebc6266c44c7068bc1c4c04e12bf0d67ead/contracts/base/LensBaseERC721.sol#L408-L432
Vulnerability details
Impact
In LensBaseERC721.sol#_transfer(), the balances of `from` and `to` are stored in temporary variables and, after the subtraction and addition operations, the results are written to storage. If from == to, the address will have extra tokens in the balance.
id, burn and transfer more than supplied assets from a pair contract
Proof of Concept
In LensBaseERC721.sol#_transfer(), if from == to, the self-transfer will double the _balances.
Tools Used
Manual Review
Recommended Mitigation Steps
In LensBaseERC721.sol#_transfer() add check:
Assessed type
Other
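As an added example (not code from the Lens repository, the warden's report, or the sponsor's comment), the following Python simulation puts the two balance-update patterns discussed in this thread side by side: the cached-read-then-write pattern the report describes, and the in-place `--_balances[from]; ++_balances[to];` pattern the sponsor quotes. A minimal ledger with an `owners` mapping and a `balances` mapping (constructed here, mirroring the two mappings an ERC-721 keeps) lets an invariant check show which pattern survives a self-transfer. The ownership check in `transfer` is assumed to model the `ownerOf(tokenId) == from` requirement that standard ERC-721 implementations enforce; it is not taken from the Lens source.

```python
from collections import defaultdict
from typing import Callable, Dict, Tuple

# Constructed ledger: token id -> owner, and owner -> balance. This is an
# added simulation of ERC-721 storage, not code from LensBaseERC721.
class Ledger:
    def __init__(self) -> None:
        self.owners: Dict[int, str] = {}
        self.balances: Dict[str, int] = defaultdict(int)

    def mint(self, to: str, token_id: int) -> None:
        assert token_id not in self.owners, "already minted"
        self.owners[token_id] = to
        self.balances[to] += 1


def update_cached(balances: Dict[str, int], sender: str, recipient: str) -> None:
    # Pattern the report describes: read both balances into temporaries,
    # adjust them, then write both back. When sender == recipient the second
    # write overwrites the first, so that address nets +1 instead of 0.
    from_bal = balances[sender]
    to_bal = balances[recipient]
    from_bal -= 1
    to_bal += 1
    balances[sender] = from_bal
    balances[recipient] = to_bal


def update_in_place(balances: Dict[str, int], sender: str, recipient: str) -> None:
    # Pattern quoted by the sponsor: decrement and increment the storage slot
    # directly. Each update reads the current value, so a self-transfer nets 0.
    balances[sender] -= 1
    balances[recipient] += 1


def transfer(ledger: Ledger, sender: str, recipient: str, token_id: int,
             update: Callable[[Dict[str, int], str, str], None]) -> None:
    # Assumed ownership check (as in standard ERC-721): `sender` must own the
    # token. It also guarantees balances[sender] >= 1 before the decrement,
    # which is what makes the unchecked in-place decrement safe.
    assert ledger.owners[token_id] == sender, "transfer from incorrect owner"
    update(ledger.balances, sender, recipient)
    ledger.owners[token_id] = recipient


def balances_consistent(ledger: Ledger) -> bool:
    # Invariant: every balance equals the number of token ids that address owns.
    counts: Dict[str, int] = defaultdict(int)
    for owner in ledger.owners.values():
        counts[owner] += 1
    addresses = set(ledger.balances) | set(counts)
    return all(ledger.balances[a] == counts[a] for a in addresses)


def self_transfer_result(update: Callable[[Dict[str, int], str, str], None]) -> Tuple[int, bool]:
    # Alice owns one token and transfers it to herself. Returns her balance
    # afterwards and whether the ledger invariant still holds.
    ledger = Ledger()
    ledger.mint("alice", 1)
    transfer(ledger, "alice", "alice", 1, update)
    return ledger.balances["alice"], balances_consistent(ledger)


def normal_transfer_result(update: Callable[[Dict[str, int], str, str], None]) -> Tuple[int, int, bool]:
    # Control case: alice -> bob. Both patterns behave identically here,
    # which is why the cached pattern's flaw only surfaces on from == to.
    ledger = Ledger()
    ledger.mint("alice", 1)
    transfer(ledger, "alice", "bob", 1, update)
    return ledger.balances["alice"], ledger.balances["bob"], balances_consistent(ledger)


if __name__ == "__main__":
    print("cached   self-transfer:", self_transfer_result(update_cached))
    print("in-place self-transfer:", self_transfer_result(update_in_place))
```

Running the block shows the cached pattern leaving alice with a balance of 2 while she owns a single token, and the in-place pattern leaving her at 1 with the invariant intact. The in-place pattern is only safe inside `unchecked` because the preceding ownership check guarantees `from` holds at least one token; an implementation that skipped that check would need to keep the decrement checked.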