Closed c4-submissions closed 12 months ago
GalloDaSballo marked the issue as unsatisfactory: Insufficient proof
Should have sent more info, this can only be called in a certain stage which ensures the call is not forged
Please consider sending a Coded POC to avoid this happening
Lines of code
https://github.com/code-423n4/2023-09-delegate/blob/a6dbac8068760ee4fc5bababb57e3fe79e5eeb2e/src/CreateOfferer.sol#L89-L166
Vulnerability details
Impact
In transferFrom() address "from" can be put of contract address and bypass Errors.FromNotCreateOfferer(from)
Proof of Concept
https://github.com/code-423n4/2023-09-delegate/blob/a6dbac8068760ee4fc5bababb57e3fe79e5eeb2e/src/CreateOfferer.sol#L89-L166
the code should be
function transferFrom(address targetTokenReceiver, uint256 createOrderHashAsTokenId) external..
variable from is not used again in function. It should be replaced by msg.sender
Tools Used
Github, vs code
Recommended Mitigation Steps
Variable "from" should be replaced by msg.sender and should be removed from parameter
Assessed type
Other