c4-submissions closed 7 months ago
141345 marked the issue as sufficient quality report
141345 marked the issue as primary issue
a2rocket (sponsor) disputed
The Warden specifies that an administrator can "accept" percentages that were never proposed (i.e. full of 0 entries) to take advantage of the payArtist function with their own recipients.
As per the proposePrimaryAddressesAndPercentages and proposeSecondaryAddressesAndPercentages implementations of the MinterContract, both the function administrator and artist members can propose percentages, etc. The Sponsor has evidenced in a separate exhibit that this case is deliberate in case the artist loses access to their account for one reason or another (#522).
As such, I consider this exhibit invalid given that the administrator is considered an entirely trusted party concerning payments made within the payArtist function.
alex-ppg marked the issue as unsatisfactory: Invalid
Lines of code
https://github.com/code-423n4/2023-10-nextgen/tree/main/smart-contracts/MinterContract.sol#L408
https://github.com/code-423n4/2023-10-nextgen/tree/main/smart-contracts/MinterContract.sol#L418
Vulnerability details
Impact
The vulnerability in the payment mechanism of the smart contract significantly impacts the protocol's functionality. The root cause of the vulnerability is that, despite the README stating an invariant that "Payments can only be made when royalties are set, the artist proposes addresses and percentages, and an admin approves them," poorly managed status control allows the admin to accept addresses and percentages without requiring an artist's proposal. This oversight breaks the stated invariants and has several negative consequences.
Proof of Concept
To demonstrate this vulnerability, an admin can accept addresses and percentages without requiring an artist's proposal, resulting in unauthorized royalty payments to the team wallet.
payArtist function.
Tools Used
Manual Review
Recommended Mitigation Steps
To mitigate this issue, it is recommended to extend the status control mechanism into multiple stages, such as "INIT," "PERCENTAGE_SPLIT_SET," "ARTIST_PROPOSED," and "PERCENTAGE_ACCEPTED," and control the state flow properly. This will ensure that payments are made only when royalties are set, the artist proposes addresses and percentages, and an admin approves them, as specified in the README.
Assessed type
Other
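The staged status control recommended in the mitigation above, written out as an added Solidity example. It is not code from the NextGen repository or from the report's author; the contract name, the simplified function names and the single-collection layout are assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;
// Hypothetical contract for illustration; names and layout are assumptions, not NextGen code.
contract StagedRoyaltyApproval {
    enum Stage { INIT, PERCENTAGE_SPLIT_SET, ARTIST_PROPOSED, PERCENTAGE_ACCEPTED }
    address public immutable admin;
    address public immutable artist;
    Stage public stage;              // starts at INIT
    uint256 public artistSharePct;   // artist side of the split, set by the admin
    address[] private recipients;    // written only by the artist's proposal
    uint256[] private percentages;   // must sum to artistSharePct

    modifier only(address who) { require(msg.sender == who, "unauthorized"); _; }
    modifier inStage(Stage s) { require(stage == s, "wrong stage"); _; }

    constructor(address _admin, address _artist) { admin = _admin; artist = _artist; }

    function setSplit(uint256 pct) external only(admin) inStage(Stage.INIT) {
        require(pct > 0 && pct <= 100, "bad split");
        artistSharePct = pct;
        stage = Stage.PERCENTAGE_SPLIT_SET;
    }

    function propose(address[] calldata to, uint256[] calldata pct)
        external only(artist) inStage(Stage.PERCENTAGE_SPLIT_SET)
    {
        require(to.length > 0 && to.length == pct.length, "empty or mismatched");
        uint256 total;
        for (uint256 i = 0; i < to.length; i++) {
            require(to[i] != address(0), "zero recipient");
            total += pct[i];
        }
        require(total == artistSharePct, "sum != artist share");
        recipients = to;
        percentages = pct;
        stage = Stage.ARTIST_PROPOSED;
    }

    // A never-proposed, all-zero entry cannot be accepted: the stage is still before ARTIST_PROPOSED.
    function accept() external only(admin) inStage(Stage.ARTIST_PROPOSED) {
        stage = Stage.PERCENTAGE_ACCEPTED;
    }

    function payArtist() external payable only(admin) inStage(Stage.PERCENTAGE_ACCEPTED) {
        for (uint256 i = 0; i < recipients.length; i++) {
            (bool ok, ) = recipients[i].call{value: (msg.value * percentages[i]) / 100}("");
            require(ok, "transfer failed");
        }
    }
}
```

In this example the part of `msg.value` not covered by the artist's percentages stays in the contract as the team share. A flow this strict also removes the admin's ability to propose on the artist's behalf, which the sponsor describes as deliberate for the lost-account case (#522).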