Closed c4-submissions closed 10 months ago
Lines of code

https://github.com/code-423n4/2023-10-wildcat/blob/main/src/market/WildcatMarket.sol#L60
https://github.com/code-423n4/2023-10-wildcat/blob/main/src/market/WildcatMarketToken.sol#L46

Vulnerability details

Impact

When trying to pull assets from an approver to the allowed spender, the parameters that are used for the allowance function call are not in the same order that is used later in the call to safeTransferFrom.

Proof of Concept

File: src/market/WildcatMarket.sol
60: asset.safeTransferFrom(msg.sender, address(this), amount);

File: src/market/WildcatMarketToken.sol
46: uint256 allowed = allowance[from][msg.sender];

Recommended Mitigation Steps

Reverse the order of parameters in allowance function call to fit the order that is in the safeTransferFrom function call.

Assessed type

Invalid Validation
minhquanym marked the issue as low quality report
Invalid
MarioPoneder marked the issue as unsatisfactory: Invalid
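
For reference when reading the two cited lines, the following added example (not code from the Wildcat repository; MiniToken and MiniVault are hypothetical names) shows the ERC-20 convention in which the allowance mapping is keyed by owner then spender, while transferFrom takes (from, to, amount) and the spender is the caller.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added illustration; MiniToken and MiniVault are hypothetical names,
// not contracts from the Wildcat repository.
contract MiniToken {
    mapping(address => uint256) public balanceOf;
    // ERC-20 convention: allowance[owner][spender]
    mapping(address => mapping(address => uint256)) public allowance;

    constructor(uint256 supply) {
        balanceOf[msg.sender] = supply;
    }

    function approve(address spender, uint256 amount) external returns (bool) {
        allowance[msg.sender][spender] = amount; // the caller is the owner
        return true;
    }

    function transferFrom(address from, address to, uint256 amount) external returns (bool) {
        // The spender is the caller, not `to`: the mapping keys are
        // (from, msg.sender) while the arguments are (from, to, amount).
        uint256 allowed = allowance[from][msg.sender];
        if (allowed != type(uint256).max) {
            // Common convention: an unlimited allowance is not decremented.
            allowance[from][msg.sender] = allowed - amount; // reverts on underflow in 0.8+
        }
        balanceOf[from] -= amount;
        balanceOf[to] += amount;
        return true;
    }
}

contract MiniVault {
    MiniToken public immutable asset;
    mapping(address => uint256) public deposited;

    constructor(MiniToken asset_) {
        asset = asset_;
    }

    // The depositor must first call asset.approve(address(vault), amount).
    function deposit(uint256 amount) external {
        // Inside the token, msg.sender is this vault, so the allowance
        // consumed is allowance[depositor][vault].
        require(asset.transferFrom(msg.sender, address(this), amount), "transfer failed");
        deposited[msg.sender] += amount;
    }
}
```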