c4-pre-sort
commented
8 months ago raymondfam marked the issue as insufficient quality report
Closed c4-bot-5 closed 8 months ago
c4-pre-sort
commented
8 months ago raymondfam marked the issue as insufficient quality report
c4-pre-sort
commented
8 months ago raymondfam marked the issue as duplicate of #301
c4-judge
commented
8 months ago 0xA5DF marked the issue as unsatisfactory: Invalid
c4-judge
commented
8 months ago 0xA5DF marked the issue as unsatisfactory: Invalid
c4-judge
commented
8 months ago 0xA5DF marked the issue as unsatisfactory: Invalid
Lines of code
https://github.com/code-423n4/2023-11-shellprotocol/blob/main/src/adapters/OceanAdapter.sol#L99
Vulnerability details
Impact
The lack of validation on interactionType could allow invalid values, potentially leading to unexpected interaction IDs. Additionally, if interactionType exceeds 8 bits, it could cause an overflow issue, potentially altering the token address within the interaction ID.
Proof of Concept
To demonstrate this vulnerability, passing an interactionType value larger than 255 (8-bit) can trigger an overflow, potentially altering the generated interaction ID.
Tools Used
Recommended Mitigation Steps
function _fetchInteractionId(address token, uint256 interactionType) internal pure returns (bytes32) { require(interactionType <= 255, 'Invalid interactionType'); // Validate interactionType uint256 packedValue = uint256(uint160(token)); packedValue |= interactionType << 248; // Ensure interactionType fits into 8 bits return bytes32(packedValue); }
Assessed type
Math