search

code-423n4 / 2023-09-delegate-findings

2 stars 1 forks source link

Function DelegateRegistry#sweep() send all native token to address(0) #323

Closed c4-submissions closed 10 months ago

c4-submissions commented 11 months ago

Lines of code

https://github.com/delegatexyz/delegate-registry/blob/6d1254de793ccc40134f9bec0b7cb3d9c3632bc1/src/DelegateRegistry.sol#L154

Vulnerability details

Impact

Protocol's owner will losing all the tipping because function sweep() will send all the native token of the DelegateRegistry contract to address(0)

Proof of Concept

Code of function sweep():

    function sweep() external {
        // TODO: Replace this with correct address at deployment time
        // This hardcoded address is a CREATE2 factory counterfactual smart contract wallet that will always accept native token transfers
        uint256 sc = uint256(uint160(0x0000000000000000000000000000000000000000));
        assembly ("memory-safe") {
            let result := call(gas(), sc, selfbalance(), 0, 0, 0, 0)
        }
    }

Tools Used

Manual Review

Recommended Mitigation Steps

Send it to the owner address

Assessed type

Other

c4-judge commented 11 months ago

GalloDaSballo marked the issue as duplicate of #359

c4-judge commented 11 months ago

GalloDaSballo changed the severity to QA (Quality Assurance)

c4-judge commented 11 months ago

This previously downgraded issue has been upgraded by GalloDaSballo

c4-judge commented 11 months ago

GalloDaSballo changed the severity to QA (Quality Assurance)

c4-judge commented 10 months ago

GalloDaSballo marked the issue as grade-c