Closed c4-submissions closed 10 months ago
141345 marked the issue as insufficient quality report
The Warden specifies that strict equalities should not be utilized, however, they fail to articulate why the equality referenced could lead to the formation of any form of attack.
alex-ppg marked the issue as unsatisfactory: Insufficient proof
Lines of code
https://github.com/code-423n4/2023-10-nextgen/blob/main/smart-contracts/XRandoms.sol#L28
Vulnerability details
Impact
Use of strict equalities that can be easily manipulated by an attacker.
Proof of Concept
Using strict equalities to determine if an account has enough Ether or tokens (something that can be easily manipulated by an attacker) can lead to unexpected outcomes. For example, an attacker can send a very small amount of Ether (less than 1 wei) to a contract that checks if the balance is equal to a certain amount, and trigger a condition that should not be met.
Link :- https://github.com/code-423n4/2023-10-nextgen/blob/main/smart-contracts/XRandoms.sol#L28 ''' function getWord(uint256 id) private pure returns (string memory) {
'''
Tools Used
Recommended Mitigation Steps
Don't use strict equality to determine if an account has enough Ether or tokens. To avoid this vulnerability, you should use inequalities or SafeMath library to compare balances or amounts. For example, instead of using require(balance == amount), you should use require(balance >= amount) or require(balance.sub(amount) >= 0)
Assessed type
Other