Closed c4-bot-8 closed 9 months ago
Already warned as commented:
* Because poorly chosen interactions are vulnerable to economic attacks,
* calling do{Interaction|MultipleInteractions} on a user's behalf must
* require the same level of trust as direct balance transfers.
raymondfam marked the issue as primary issue
raymondfam marked the issue as insufficient quality report
0xA5DF marked the issue as unsatisfactory: Overinflated severity
Seems like a known issue/intended design
Lines of code
https://github.com/code-423n4/2023-11-shellprotocol/blob/485de7383cdf88284ee6bcf2926fb7c19e9fb257/src/ocean/Ocean.sol#L185-L188
Vulnerability details
Impact
The current implementation of the onlyApprovedForwarder modifier in the Ocean smart contract has several negative impacts:
Users are exposed to a significant security risk if their forwarder is compromised. An attacker can exploit full approval for all tokens and IDs to manipulate them, leading to financial losses. This can damage user trust and hinder platform adoption.
Users lack fine-grained control over who can operate their tokens and IDs. They are forced to grant blanket access, limiting their ability to manage forwarder activity effectively. This can lead to unintended consequences and hinder specific use cases requiring granular control.
Users have no easy way to determine which tokens and IDs each forwarder is authorized to operate on. This hinders monitoring and managing forwarder activity, making it difficult to detect unauthorized actions. Lack of transparency can erode user trust and confidence in the platform.
Proof of Concept
Scenario:
Code:
This test case simulates how a compromised forwarder can transfer tokens from a user's account after receiving full approval.
Logs and Significant Traces with Code:
Logs:
Transaction logs should show the approval granted by the user to the forwarder.
They should also show the transfer of tokens from the user's account to the attacker's account.
These logs can be used to identify unauthorized activities and investigate potential security breaches.
Significant Traces with Code:
Focus on the setApprovalForAll function and its interaction with the isApprovedForAll function. This highlights the granting of full approval and its potential security implications. Also, analyze the transferFrom function executed by the compromised forwarder to understand how unauthorized token transfers occur.
Tools Used
Solidity compiler
Manual
Recommended Mitigation Steps
Develop separate approval functions for specific tokens or IDs.
This allows users to grant targeted access to forwarders for specific operations.
Code:
function approveIdForForwarder(address forwarder, uint256 id) public {
    // ... Grant approval for specific token ID ...
}
This adds an extra layer of security and reduces the risk of unauthorized activities. By implementing these recommended mitigation steps, the smart contract can address the issues related to the onlyApprovedForwarder modifier and establish a more secure, flexible, and transparent forwarder approval system.
Assessed type
Access Control
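The per-ID approval scheme proposed under Recommended Mitigation Steps, written out as an added example; it is not code from Ocean.sol or from the report's author. Only the name approveIdForForwarder comes from the report; the contract, mapping, event, error, modifier and the other function names are hypothetical.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

/// Added illustration of per-ID forwarder approvals. Hypothetical names
/// throughout, except approveIdForForwarder, which the report proposes.
abstract contract PerIdForwarderApproval {
    // user => forwarder => token id => approved
    mapping(address => mapping(address => mapping(uint256 => bool))) private _idApprovals;

    // Emitted on every grant and revoke so that a user's outstanding
    // approvals can be reconstructed off-chain from the event log.
    event ForwarderIdApproval(
        address indexed user,
        address indexed forwarder,
        uint256 indexed id,
        bool approved
    );

    error ForwarderNotApprovedForId(address user, address forwarder, uint256 id);

    /// Caller lets `forwarder` act on a single token id on the caller's behalf.
    function approveIdForForwarder(address forwarder, uint256 id) public {
        _setIdApproval(msg.sender, forwarder, id, true);
    }

    /// Caller withdraws a per-id approval granted earlier.
    function revokeIdForForwarder(address forwarder, uint256 id) public {
        _setIdApproval(msg.sender, forwarder, id, false);
    }

    function isApprovedForId(address user, address forwarder, uint256 id) public view returns (bool) {
        return _idApprovals[user][forwarder][id];
    }

    /// Gate for an entry point where msg.sender acts on `id` for `user`.
    modifier onlyForwarderApprovedForId(address user, uint256 id) {
        if (!_idApprovals[user][msg.sender][id]) {
            revert ForwarderNotApprovedForId(user, msg.sender, id);
        }
        _;
    }

    function _setIdApproval(address user, address forwarder, uint256 id, bool approved) private {
        require(forwarder != address(0) && forwarder != user, "invalid forwarder");
        _idApprovals[user][forwarder][id] = approved;
        emit ForwarderIdApproval(user, forwarder, id, approved);
    }
}
```

An entry point that touches several IDs in one call would have to apply the check to each ID it reads or writes, which is the cost of this finer granularity compared with a single isApprovedForAll check.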