Closed c4-submissions closed 10 months ago
GalloDaSballo marked the issue as duplicate of #84
GalloDaSballo changed the severity to 3 (High Risk)
GalloDaSballo marked the issue as satisfactory
GalloDaSballo marked the issue as unsatisfactory: Invalid
Lines of code
https://github.com/code-423n4/2023-09-delegate/blob/main/src/libraries/DelegateTokenTransferHelpers.sol#L23-L24
Vulnerability details
Issue
DelegateTokenTransferHelpers::checkERC1155BeforePull() and DelegateTokenTransferHelpers::pullERC1155AfterCheck() perform "set and check" operations on erc1155Pulled.flag which will always revert. In the first function, the value of erc1155Pulled.flag is set to ERC1155_PULLED, and in the second function, it reverts if the value of erc1155Pulled.flag is set to ERC1155_PULLED.
Code snippet from DelegateTokenTransferHelpers::checkERC1155BeforePull():
Code snippet from DelegateTokenTransferHelpers::pullERC1155AfterCheck():
The DelegateTokenTransferHelpers::checkAndPullByType() function calls the above two methods back to back, and hence the DelegateTokenTransferHelpers::checkAndPullByType() function call for ERC1155 is bound to revert every time.
Impact
DelegateTokenTransferHelpers::checkAndPullByType() is called from the DelegateToken::create() function. DelegateToken::create() is the function where new Delegation and Principal tokens are created for the different kinds of tokens. Because DelegateTokenTransferHelpers::checkAndPullByType() will revert, it will cause DelegateToken::create() to revert as well for ERC1155, thereby making the protocol not work for ERC1155.
Proof of Concept
Below is a proof of concept that can be run on Remix directly. The proof of concept below is the minimal setup extracted from the actual codebase to simulate the issue.
Tools Used
Manual analysis
Recommended Mitigation Steps
Update the functions DelegateTokenTransferHelpers::checkERC1155BeforePull() and DelegateTokenTransferHelpers::pullERC1155AfterCheck() so that the first function doesn't set values which make the second function revert.
Assessed type
Other