Closed c4-submissions closed 1 year ago
msg.value is never used except for flashloans which would revert on a second call
Leaving up but pretty sure this is wrong
0xfoobar (sponsor) disputed
GalloDaSballo marked the issue as unsatisfactory: Insufficient proof
Lines of code
https://github.com/delegatexyz/delegate-registry/blob/6d1254de793ccc40134f9bec0b7cb3d9c3632bc1/src/DelegateRegistry.sol#L31-L41
Vulnerability details
Impact
DelegateCall is used in an unsafe manner, and the caller contract is modified by logic inside of this contract, producing accounting errors. (msg.data) is influenced by the caller without signature verification, which leads to massive multiple accounting errors while delegate-calling inside of this loop.
Proof of Concept
Tools Used
1. Manual audit with Solidity Visual Developer.
Recommended Mitigation Steps
1. By using (encodeWithSignature) within (delegateCall) and using (require) to confirm state.
2. Executing an excessive number of delegatecalls in a single transaction may exceed the block gas limit, leading to transaction failures.
Assessed type
call/delegatecall