Blacklisting a bonding curve does not stop existing shares from operating with it, only ones not yet created. In a scenario where a bonding curve contract was found to not be working as intended and later blacklisted by an admin, the affected shares would still remain in circulation.
Proof of Concept
Go to 1155tech-contracts/src/test/Market.t.sol and place the test case snippet after the setUp function, then run the test suite:
This will create a share, blacklist the bonding curve and then buy an amount of that share. This will execute successfully and is possible with: buy(), sell(), mintNFT(), and burnNFT().
Tools Used
Manual Analysis
Recommended Mitigation Steps
The simplest solution I can think of is enforcing the following condition in all affected functions:
require(whitelistedBondingCurves[_bondingCurve], "Bonding curve not whitelisted");
However, this introduces a centralization risk that the protocol might not want to have.
Lines of code
https://github.com/code-423n4/2023-11-canto/blob/main/1155tech-contracts/src/Market.sol#L150 https://github.com/code-423n4/2023-11-canto/blob/main/1155tech-contracts/src/Market.sol#L174 https://github.com/code-423n4/2023-11-canto/blob/main/1155tech-contracts/src/Market.sol#L203 https://github.com/code-423n4/2023-11-canto/blob/main/1155tech-contracts/src/Market.sol#L226
Vulnerability details
Impact
Blacklisting a bonding curve does not stop existing shares from operating with it, only ones not yet created. In a scenario where a bonding curve contract was found to not be working as intended and later blacklisted by an admin, the affected shares would still remain in circulation.
Proof of Concept
Go to
1155tech-contracts/src/test/Market.t.sol
and place the test case snippet after thesetUp
function, then run the test suite:This will create a share, blacklist the bonding curve and then buy an amount of that share. This will execute successfully and is possible with:
buy()
,sell()
,mintNFT()
, andburnNFT()
.Tools Used
Manual Analysis
Recommended Mitigation Steps
The simplest solution I can think of is enforcing the following condition in all affected functions:
However, this introduces a centralization risk that the protocol might not want to have.
Assessed type
Invalid Validation