search

code-423n4 / 2023-09-delegate-findings

2 stars 1 forks source link

Hardcoded Zero Address in sweep() Function #288

Closed c4-submissions closed 1 year ago

c4-submissions commented 1 year ago

Lines of code

https://github.com/delegatexyz/delegate-registry/blob/6d1254de793ccc40134f9bec0b7cb3d9c3632bc1/src/DelegateRegistry.sol#L151-L158

Vulnerability details

Impact

In the sweep() function one important address is hardcoded to zero with a note to change it later at deployment but the deployment script just deploys the contract without any mentions of replacing the address with the correct one.

Proof of Concept

    function sweep() external {
        // TODO: Replace this with correct address at deployment time
        // This hardcoded address is a CREATE2 factory counterfactual smart contract wallet that will always accept native token transfers
        uint256 sc = uint256(uint160(0x0000000000000000000000000000000000000000));
        assembly ("memory-safe") {
            let result := call(gas(), sc, selfbalance(), 0, 0, 0, 0)
        }
    }

Tools Used

Manual

Recommended Mitigation Steps

either add a constructor and a state variable to assign the correct address at deploying time or hardcode the correct address.

Assessed type

Other

c4-judge commented 1 year ago

GalloDaSballo marked the issue as duplicate of #359

c4-judge commented 1 year ago

GalloDaSballo changed the severity to QA (Quality Assurance)

c4-judge commented 1 year ago

This previously downgraded issue has been upgraded by GalloDaSballo

c4-judge commented 1 year ago

GalloDaSballo changed the severity to QA (Quality Assurance)