search

code-423n4 / 2023-11-canto-findings

7 stars 6 forks source link

Potential Race Condition in Rewards Calculation #509

Closed c4-submissions closed 11 months ago

c4-submissions commented 11 months ago

Lines of code

https://github.com/code-423n4/2023-11-canto/blob/335930cd53cf9a137504a57f1215be52c6d67cb3/1155tech-contracts/src/Market.sol#L150 https://github.com/code-423n4/2023-11-canto/blob/335930cd53cf9a137504a57f1215be52c6d67cb3/1155tech-contracts/src/Market.sol#L174 https://github.com/code-423n4/2023-11-canto/blob/335930cd53cf9a137504a57f1215be52c6d67cb3/1155tech-contracts/src/Market.sol#L203 https://github.com/code-423n4/2023-11-canto/blob/335930cd53cf9a137504a57f1215be52c6d67cb3/1155tech-contracts/src/Market.sol#L263

Vulnerability details

Impact

If exploited, this race condition could allow an attacker to manipulate rewards in transactions involving the buy, sell, mintNFT, or burnNFT functions. The attacker may gain an advantage in claiming rewards before the rewards calculation is updated.

Proof of Concept

The current implementation of the buy, sell, mintNFT, and burnNFT functions updates the rewardsLastClaimedValue mapping after the token or NFT transfer. If an attacker can execute transactions in rapid succession, they might exploit this order of operations to claim rewards based on the previous state before the rewards calculation is updated. To address this, it is recommended to update the rewardsLastClaimedValue mapping before any state-changing operations to minimize the potential for race conditions.

Tools Used

Manual analysis

Recommended Mitigation Steps

Consider updating the rewardsLastClaimedValue mapping before performing any state-changing operations, such as transferring tokens or NFTs.

Assessed type

Other

c4-pre-sort commented 11 months ago

minhquanym marked the issue as insufficient quality report

minhquanym commented 11 months ago

Invalid

c4-judge commented 11 months ago

MarioPoneder marked the issue as unsatisfactory: Insufficient proof