code-423n4 / 2023-09-delegate-findings

2 stars 1 forks source link

Lack of ERC1155 Token Balance Check in flashloan Smart Contract Function #335

Closed c4-submissions closed 1 year ago

c4-submissions commented 1 year ago

Lines of code

https://github.com/code-423n4/2023-09-delegate/blob/main/src/DelegateToken.sol#L389

Vulnerability details

Description:

: The flashloan function in the code you provided does not check if the amount of ERC1155 tokens being flashed is available. This could lead to a situation where the function fails to complete because the caller does not have enough ERC1155 tokens to transfer. This bug pertains to the lack of a check to verify if the caller has enough ERC1155 tokens available for transfer. As a result, the function may proceed with the transfer even if the caller does not have a sufficient balance of ERC1155 tokens, potentially causing the function to fail.

Impact:

The impact of this bug is substantial and can lead to various issues:

Recommendation:

To address this , take the following steps:

1 . Locate the ERC1155 block in the flashloan function's code:

 else if (info.tokenType == IDelegateRegistry.DelegationType.ERC1155) {
     RegistryHelpers.revertERC1155FlashAmountUnavailable(delegateRegistry, info);

     // Check if the caller has enough ERC1155 tokens to transfer
     require(IERC1155(info.tokenContract).balanceOf(address(this), info.tokenId) >= info.amount, "Insufficient balance for ERC1155 transfer");

     TransferHelpers.checkERC1155BeforePull(erc1155PullAuthorization, info.amount);
     IERC1155(info.tokenContract).safeTransferFrom(address(this), info.receiver, info.tokenId, info.amount, "");
Helpers.revertOnCallingInvalidFlashloan(info);
     TransferHelpers.pullERC1155AfterCheck(erc1155PullAuthorization, info.amount, info.tokenContract, 
 info.tokenId);
 }

Implement the ERC1155 balance check as shown above. This check ensures that the caller has enough ERC1155 tokens to complete the transfer.

Tools used

Manual review

Assessed type

Invalid Validation

c4-judge commented 1 year ago

GalloDaSballo marked the issue as unsatisfactory: Invalid

GalloDaSballo commented 1 year ago

It would revert at the time of transfer