code-423n4 / 2023-10-wildcat-findings


Reversed order of parameters in allowance function call #599

Closed c4-submissions closed 10 months ago

c4-submissions commented 10 months ago

Lines of code

https://github.com/code-423n4/2023-10-wildcat/blob/main/src/market/WildcatMarket.sol#L60

https://github.com/code-423n4/2023-10-wildcat/blob/main/src/market/WildcatMarketToken.sol#L46

Vulnerability details

Impact

When trying to pull assets from an approver to the allowed spender, the parameters that are used for the allowance function call are not in the same order that is used later in the call to safeTransferFrom.

Proof of Concept

File: src/market/WildcatMarket.sol

60:     asset.safeTransferFrom(msg.sender, address(this), amount);

File: src/market/WildcatMarketToken.sol

46:     uint256 allowed = allowance[from][msg.sender];

Tools Used

Recommended Mitigation Steps

Reverse the order of parameters in the allowance function call to fit the order that is in the safeTransferFrom function call.

Assessed type

Invalid Validation

c4-pre-sort commented 10 months ago

minhquanym marked the issue as low quality report

minhquanym commented 10 months ago

Invalid

c4-judge commented 10 months ago

MarioPoneder marked the issue as unsatisfactory: Invalid
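
An added example, not part of this thread or of the Wildcat code base: a minimal ERC-20 sketch showing how a read of `allowance[from][msg.sender]` inside `transferFrom` lines up with a caller's `transferFrom(msg.sender, address(this), amount)`. The contract names `MiniToken` and `MiniVault` are hypothetical, and events and safe-transfer wrappers are left out.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Hypothetical minimal token (not Wildcat code): allowance is indexed [owner][spender].
contract MiniToken {
    mapping(address => uint256) public balanceOf;
    mapping(address => mapping(address => uint256)) public allowance;

    constructor(uint256 supply) {
        balanceOf[msg.sender] = supply;
    }

    // The owner is msg.sender here, so the write is allowance[owner][spender].
    function approve(address spender, uint256 amount) external returns (bool) {
        allowance[msg.sender][spender] = amount;
        return true;
    }

    // The spender is msg.sender here and `from` is the owner, so the read
    // allowance[from][msg.sender] hits the same slot approve() wrote.
    function transferFrom(address from, address to, uint256 amount) external returns (bool) {
        uint256 allowed = allowance[from][msg.sender];
        // Checked arithmetic (0.8+) reverts if allowance or balance is too small.
        if (allowed != type(uint256).max) allowance[from][msg.sender] = allowed - amount;
        balanceOf[from] -= amount;
        balanceOf[to] += amount;
        return true;
    }
}

// Hypothetical puller: the depositor is `from`, this contract is the spender.
contract MiniVault {
    MiniToken public immutable asset;
    mapping(address => uint256) public deposited;

    constructor(MiniToken asset_) {
        asset = asset_;
    }

    // Caller must first call asset.approve(address(vault), amount).
    // Inside transferFrom, from == depositor and msg.sender == address(this),
    // so the token checks allowance[depositor][vault].
    function deposit(uint256 amount) external {
        require(asset.transferFrom(msg.sender, address(this), amount), "transfer failed");
        deposited[msg.sender] += amount;
    }
}
```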