Closed c4-submissions closed 10 months ago
raymondfam marked the issue as low quality report
raymondfam marked the issue as duplicate of #321
raymondfam marked the issue as sufficient quality report
raymondfam marked the issue as not a duplicate
raymondfam marked the issue as duplicate of #198
MiloTruck marked the issue as not a duplicate
MiloTruck marked the issue as unsatisfactory: Invalid
Warden doesn't seem to understand what build() is meant to be used for.
My ChatGPT senses are tingling...
Lines of code
https://github.com/open-dollar/od-contracts/blob/v1.5.5-audit/src/contracts/proxies/Vault721.sol#L77
Vulnerability details
Impact
The ability to freely deploy ODProxy contracts through the Vault721 contract's build function represents a significant security vulnerability. Exploitation of this vulnerability could lead to:
Unauthorized Actions: Malicious actors could deploy proxies for unsuspecting users, allowing them to perform actions on behalf of those users without their consent. This action breaches the access control mechanisms intended by the system.
Asset Misappropriation: With control over a user's proxy, an attacker could potentially access, manipulate, or transfer the victim's assets or funds stored within the system.
Value Distortion: The potential exists for debt to be minted against an NFV in the same transaction as its transfer. This capability could mislead potential buyers regarding the actual value of an NFV.
System Trust Erosion: Such a vulnerability undermines the fundamental guarantees the system aims to provide, like ensuring that only NFV owners can mint debt against it. This flaw could lead to a loss of user trust and confidence in the platform's security and reliability.
In essence, the vulnerability poses significant financial, operational, and reputational risks to the platform and its users.
Proof of Concept
Code References:
build function: This link points to the specific line in the Vault721 contract where the build function is defined, highlighting the absence of appropriate checks.
ODProxy contract, showing its minimalistic design and how it can be exploited if deployed maliciously.
Tools Used
VS Code
Recommended Mitigation Steps
build function in the Vault721 contract to include checks ensuring that only the rightful owner or authorized individuals can deploy an ODProxy.
The placeholder /NFV_ID/ should be replaced with the appropriate mechanism to fetch the NFV ID related to the user. This assumes that ownerOf is a function provided by the ERC721 standard that gets the owner of a specific token ID. The check ensures that the sender is indeed the owner of the NFV before allowing them to deploy a proxy.
Enhance Access Control:
Audit SafeManager:
SafeManager contract is resistant to reentrancy attacks and that it properly interacts with ODProxy and other contracts.
Introduce Rate Limiting:
Monitoring and Alerts:
Emergency Shutdown Mechanism:
By implementing these steps, the platform can significantly reduce the risks associated with the current vulnerability and bolster its overall security posture.
Assessed type
Access Control