code-423n4 / 2023-07-lens-findings


[M-01] Dangerous use of uninitialized storage variables #14

Closed code423n4 closed 1 year ago

code423n4 commented 1 year ago

Lines of code

https://github.com/code-423n4/2023-07-lens/blob/5103b29e71ad0e93cbad1f555291698fa4d6676e/contracts/libraries/PublicationLib.sol#L277

Vulnerability details

Impact

M-01 Dangerous use of uninitialized storage variables

The uninitialized storage variable will contain data stored in memory which can be accessed via writing and executing a function that simply calls the value that was last in memory for Types.Publication. This will allow the attacker to manipulate the Types.Publication output and view values being passed through Types.Publication.

Bug

The vulnerable code on line 277 is depicted as follows:

        Types.Publication storage _referencePub;

Proof of Concept

URL of vulnerable code line

https://github.com/code-423n4/2023-07-lens/blob/5103b29e71ad0e93cbad1f555291698fa4d6676e/contracts/libraries/PublicationLib.sol#L277

POC

    function typesPublicationFxAttack() external view {
        uint256 _referencePub;
        _referencePub = Types.Publication;
    }

    function getTypesPublicationAttack() external view returns (uint256) {
        return _referencePub;
    }

Tools Used

MythX
Visual Studio Code
Foundry

Recommended Mitigation Steps

Initialize variable "_referencePub" or set the storage attribute "memory".

Fix

The solution or patch to the vulnerability is depicted as follows:

        Types.Publication memory _referencePub;

Assessed type

Access Control
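
Added example, not part of the original report and not Lens Protocol code: a simplified contract showing the declare-then-assign pattern for a `storage` local next to the behaviour of a `memory` local. The contract, struct fields and function names are constructed for illustration, and Solidity 0.8.x is assumed.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;

// Constructed, simplified stand-in for illustration; not Lens Protocol code.
contract StoragePointerDemo {
    struct Publication {
        uint256 pointedProfileId;
        uint256 pointedPubId;
    }

    mapping(uint256 => mapping(uint256 => Publication)) private _pubs;

    // Storage pointer declared without an initializer, then bound to a slot
    // before the first read. The 0.8.x compiler rejects a read of
    // `_referencePub` placed before the assignment.
    function readPointedPubId(uint256 profileId, uint256 pubId) external view returns (uint256) {
        Publication storage _referencePub;
        _referencePub = _pubs[profileId][pubId];
        return _referencePub.pointedPubId;
    }

    // `storage`: the local is a reference, so the write lands in contract state.
    function setViaStorage(uint256 profileId, uint256 pubId, uint256 value) external {
        Publication storage publication = _pubs[profileId][pubId];
        publication.pointedPubId = value;
    }

    // `memory`: the struct is copied out of storage; the write changes only
    // the copy and is discarded when the function returns.
    function setViaMemory(uint256 profileId, uint256 pubId, uint256 value) external view {
        Publication memory publication = _pubs[profileId][pubId];
        publication.pointedPubId = value;
    }
}
```

After `setViaStorage(1, 1, 7)`, `readPointedPubId(1, 1)` returns 7; a following `setViaMemory(1, 1, 9)` leaves it at 7.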

c4-pre-sort commented 1 year ago

141345 marked the issue as low quality report

141345 commented 1 year ago

Lacks a detailed POC about impact/loss.

c4-judge commented 1 year ago

Picodes marked the issue as unsatisfactory: Insufficient quality