In transferFrom() address "from" can be put of contract address and bypass Errors.FromNotCreateOfferer(from)

[c4-submissions]

Lines of code

https://github.com/code-423n4/2023-09-delegate/blob/a6dbac8068760ee4fc5bababb57e3fe79e5eeb2e/src/CreateOfferer.sol#L89-L166

Vulnerability details

Impact

In transferFrom() address "from" can be put of contract address and bypass Errors.FromNotCreateOfferer(from)

Proof of Concept

https://github.com/code-423n4/2023-09-delegate/blob/a6dbac8068760ee4fc5bababb57e3fe79e5eeb2e/src/CreateOfferer.sol#L89-L166

the code should be

• function transferFrom(address from, address targetTokenReceiver, uint256 createOrderHashAsTokenId) external..

• function transferFrom(address targetTokenReceiver, uint256 createOrderHashAsTokenId) external..

  • if (from != address(this)) revert Errors.FromNotCreateOfferer(from);
  • if (msg.sender != address(this)) revert Errors.FromNotCreateOfferer(msg.sender);

variable from is not used again in function. It should be replaced by msg.sender

Tools Used

Github, vs code

Recommended Mitigation Steps

Variable "from" should be replaced by msg.sender and should be removed from parameter

Assessed type

Other

[c4-judge]

GalloDaSballo marked the issue as unsatisfactory: Insufficient proof

[GalloDaSballo]

Should have sent more info, this can only be called in a certain stage which ensures the call is not forged

Please consider sending a Coded POC to avoid this happening