Closed c4-submissions closed 10 months ago
raymondfam marked the issue as low quality report
raymondfam marked the issue as duplicate of #129
alex-ppg marked the issue as not a duplicate
The Warden appears to not have a proper understanding of how post-fix / pre-fix increment / decrement operators are parsed in Solidity. Specifically:
mapping(uint256 => mapping(address => uint256)) public foo;
// The following statement
++foo[5][msg.sender];
// Actually parses to the following
foo[5][msg.sender] = foo[5][msg.sender] + 1;
// Regardless of the context the post-fix / pre-fix operator is identified in
As such, the nonce will actually increment as expected and properly update the executorNonce mapping.
alex-ppg marked the issue as unsatisfactory: Invalid
Lines of code
https://github.com/code-423n4/2023-10-brahma/blob/a6424230052fc47c4215200c19a8eef9b07dfccc/contracts/src/core/ExecutorPlugin.sol#L131
Vulnerability details
Impact
The nonce value is not increasing every time
The nonce value is used to create the TypeHashHelper.Transaction struct that's passed to the _buildTransactionStructHash function. The actual value of executorNonce[execRequest.account][execRequest.executor] is incremented and stored in the _transactionStructHash, but it doesn't affect the value of executorNonce outside of this function.
So, executorNonce[execRequest.account][execRequest.executor] will not be updated in the external state by this code. It will be increased only within the context of creating the Transaction struct and computing the _transactionStructHash. The original mapping value will remain unchanged in the external state.
AND IT WILL BE SAME FOR EVER
Proof of Concept
Tools Used
vscode
Recommended Mitigation Steps
bytes32 _transactionStructHash =
cause it doesn't increase it as external it just put ++ increased value of post value same value every time
Assessed type
Other
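The disputed behaviour can be checked directly. This is an added example, not code from the contest repository or from either participant: it applies both increment forms to a nested storage mapping inside a struct literal and requires that the stored nonce advanced after each call. Only the `executorNonce` name is taken from the report; the contract, struct layout, function names and sample address are assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;

// Added illustration. Only the executorNonce name comes from the report;
// the contract, struct layout and function names are hypothetical.
contract NonceIncrementDemo {
    struct Transaction {
        address account;
        address executor;
        uint256 nonce;
    }

    mapping(address => mapping(address => uint256)) public executorNonce;

    // Post-fix inside a struct literal: the struct gets the old value,
    // and the storage slot is written with old + 1.
    function hashWithPostfix(address account) public returns (bytes32) {
        Transaction memory txn = Transaction({
            account: account,
            executor: msg.sender,
            nonce: executorNonce[account][msg.sender]++
        });
        return keccak256(abi.encode(txn)); // simplified, not an EIP-712 hash
    }

    // Pre-fix: the struct gets old + 1, and storage is written with old + 1.
    function hashWithPrefix(address account) public returns (bytes32) {
        Transaction memory txn = Transaction({
            account: account,
            executor: msg.sender,
            nonce: ++executorNonce[account][msg.sender]
        });
        return keccak256(abi.encode(txn));
    }

    // Reverts if either form failed to persist the increment.
    function selfCheck() external returns (bool) {
        address account = address(0xA11CE); // constructed sample address
        uint256 start = executorNonce[account][msg.sender];
        bytes32 h1 = hashWithPostfix(account); // hashes nonce = start
        bytes32 h2 = hashWithPostfix(account); // hashes nonce = start + 1
        require(executorNonce[account][msg.sender] == start + 2, "postfix lost");
        bytes32 h3 = hashWithPrefix(account); // hashes nonce = start + 3
        require(executorNonce[account][msg.sender] == start + 3, "prefix lost");
        require(h1 != h2 && h2 != h3, "nonce reused");
        return true;
    }
}
```

Deploying this in any Solidity 0.8 test environment and calling `selfCheck()` returns `true`; a replayed signature over an earlier hash would no longer match the current nonce.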