GalloDaSballo
commented
1 year ago In what way is this a vulnerability?
Closed c4-submissions closed 1 year ago
GalloDaSballo
commented
1 year ago In what way is this a vulnerability?
c4-sponsor
commented
1 year ago 0xfoobar (sponsor) disputed
0xfoobar
commented
1 year ago Wrong. It's implementing a specific interface, warden did not even do the slightest investigation into how the protocol works
c4-judge
commented
1 year ago GalloDaSballo marked the issue as unsatisfactory: Insufficient quality
Lines of code
https://github.com/code-423n4/2023-09-delegate/blob/a6dbac8068760ee4fc5bababb57e3fe79e5eeb2e/src/CreateOfferer.sol#L71-L80
Vulnerability details
Impact
In ratifyOrder there is no need for array for SpentItem[] and ReceivedItem[] calldata consideration Single object can be used, there is use of the array
Proof of Concept
https://github.com/code-423n4/2023-09-delegate/blob/a6dbac8068760ee4fc5bababb57e3fe79e5eeb2e/src/CreateOfferer.sol#L71-L80
The single variable can be used instead of offer[0].identifier and consideration[0] Array is never used just for getting the [0] value
Tools Used
Github
Recommended Mitigation Steps
The single variable can be used
Assessed type
Invalid Validation