Lines of code
https://github.com/code-423n4/2023-09-delegate/blob/a6dbac8068760ee4fc5bababb57e3fe79e5eeb2e/src/libraries/CreateOffererLib.sol#L351
https://github.com/code-423n4/2023-09-delegate/blob/a6dbac8068760ee4fc5bababb57e3fe79e5eeb2e/src/libraries/CreateOffererLib.sol#L358-L361
Vulnerability details
Impact
This can lead to assets being trapped in the contract or transferred improperly.
Proof of Concept
This expects and enforces that minimumReceived and maximumSpent will only have 1 element each.
A malicious caller could call with arrays like:
minimumReceived = [item1, item2];
maximumSpent = [item3, item4];
The contract would still only process the first elements item1 and item3. But the extra items could cause issues:
• Item2 could be an expensive NFT that the caller transfers but the contract does not expect or process correctly.
• Item4 could be a token/NFT intended for the caller but transferred to the contract instead.
This could lead to assets being trapped in the contract or transferred improperly.
Tools Used
Manual
Recommended Mitigation Steps
The contract should enforce and validate array lengths before processing any elements.
Assessed type
Other
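A sketch of the length check recommended above, added here as an illustration and not taken from the report or from the delegate repository. The `Item` struct, `SingleItemGuard` library, `WrongItemCount` error and `ExampleOfferer` contract are hypothetical names; only `minimumReceived` and `maximumSpent` come from the report.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Hypothetical stand-in for the order item type (assumption, not the project's struct).
struct Item {
    address token;
    uint256 identifier;
    uint256 amount;
}

// Hypothetical helper: rejects any call whose arrays do not hold exactly one item.
library SingleItemGuard {
    // Carries both lengths so a failed call shows which array was malformed.
    error WrongItemCount(uint256 minimumReceivedLength, uint256 maximumSpentLength);

    /// Reverts unless both arrays have length 1, then returns the single elements.
    /// Callers use the returned items and never index the arrays themselves,
    /// so an unvalidated element cannot be read by accident.
    function requireSingle(Item[] calldata minimumReceived, Item[] calldata maximumSpent)
        internal
        pure
        returns (Item calldata received, Item calldata spent)
    {
        if (minimumReceived.length != 1 || maximumSpent.length != 1) {
            revert WrongItemCount(minimumReceived.length, maximumSpent.length);
        }
        received = minimumReceived[0];
        spent = maximumSpent[0];
    }
}

// Hypothetical caller showing the guard running before any element is processed.
contract ExampleOfferer {
    event Processed(address receivedToken, address spentToken);

    function process(Item[] calldata minimumReceived, Item[] calldata maximumSpent) external {
        // The length check comes first; empty or multi-item input reverts here.
        (Item calldata received, Item calldata spent) =
            SingleItemGuard.requireSingle(minimumReceived, maximumSpent);

        // Item handling would go here; this example only records what passed the check.
        emit Processed(received.token, spent.token);
    }
}
```

The check uses `!= 1` rather than `> 1` so that empty arrays are rejected as well, which would otherwise fail with an out-of-bounds panic instead of a descriptive error.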