code-423n4 / 2023-11-shellprotocol-findings


Potential Issues with Address Casting and Validation in _calculateOceanId Function #314

Closed c4-bot-1 closed 8 months ago

c4-bot-1 commented 8 months ago

Lines of code

https://github.com/code-423n4/2023-11-shellprotocol/blob/main/src/adapters/OceanAdapter.sol#L108

Vulnerability details

Impact

The use of abi.encodePacked without padding might introduce ambiguity in situations where input lengths are not fixed. Additionally, assuming tokenId can be any uint256 value without enforcing constraints could lead to unexpected behavior if constraints exist on the size or format of the tokenId.

Proof of Concept

Though not directly exploitable in this case, the lack of input length constraints and assumptions about tokenId could potentially lead to issues if requirements change or additional constraints are introduced.

Tools Used

Recommended Mitigation Steps

Consider explicitly documenting the assumptions about the input lengths and tokenId format. If constraints exist, enforce them in the function with appropriate validation checks.

    function _calculateOceanId(address tokenAddress, uint256 tokenId) internal pure returns (uint256) {
        // Explicitly document assumptions about input lengths
        // If there are constraints on tokenId, enforce them
        // Example: Enforce tokenId length or format constraints
        require(tokenId <= type(uint256).max, 'Invalid tokenId');
        // Rest of the function...
        return uint256(keccak256(abi.encodePacked(tokenAddress, tokenId)));
    }

Assessed type

Invalid Validation
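As an added illustration (not code from this report or from the Shell Protocol repository), the Python below mimics abi.encodePacked for a few Solidity types to show where the packing concern actually applies: (address, uint256) always packs to a fixed 52 bytes that decodes uniquely for every tokenId up to type(uint256).max, whereas two dynamic-size arguments can pack to identical bytes and therefore identical keccak256 outputs. The function names are my own.

```python
# Constructed example of Solidity's abi.encodePacked rules; not project code.
from typing import List, Tuple

DYNAMIC_TYPES = {"string", "bytes"}  # packed without a length prefix


def encode_packed(types: List[str], values: list) -> bytes:
    """Mimic abi.encodePacked: concatenate values with no 32-byte padding.

    Fixed-size types keep their natural width; dynamic types contribute
    their raw bytes with no length prefix, which is the source of ambiguity.
    """
    out = b""
    for typ, val in zip(types, values):
        if typ == "address":
            out += int(val, 16).to_bytes(20, "big")
        elif typ.startswith("uint"):
            bits = int(typ[4:] or "256")
            if not 0 <= val < 2**bits:
                raise ValueError(f"{val} does not fit in {typ}")
            out += val.to_bytes(bits // 8, "big")
        elif typ in DYNAMIC_TYPES:
            out += val.encode() if isinstance(val, str) else bytes(val)
        else:
            raise NotImplementedError(typ)
    return out


def packed_is_ambiguous(types: List[str]) -> bool:
    """Packed encoding is injective unless more than one element is dynamic-size."""
    return sum(t in DYNAMIC_TYPES for t in types) > 1


def ocean_id_preimage(token_address: str, token_id: int) -> bytes:
    """The bytes _calculateOceanId hashes: 20-byte address || 32-byte tokenId.

    Equal preimages give equal keccak256 digests, so comparing preimages is
    enough to reason about collisions without implementing the hash here.
    """
    return encode_packed(["address", "uint256"], [token_address, token_id])


def decode_ocean_id_preimage(preimage: bytes) -> Tuple[str, int]:
    """Inverse of ocean_id_preimage; possible only because both widths are fixed."""
    if len(preimage) != 52:
        raise ValueError("expected 20-byte address followed by 32-byte tokenId")
    return "0x" + preimage[:20].hex(), int.from_bytes(preimage[20:], "big")
```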

c4-pre-sort commented 8 months ago

raymondfam marked the issue as insufficient quality report

c4-pre-sort commented 8 months ago

raymondfam marked the issue as duplicate of #301

c4-judge commented 8 months ago

0xA5DF marked the issue as unsatisfactory: Invalid

c4-judge commented 8 months ago

0xA5DF marked the issue as unsatisfactory: Invalid

c4-judge commented 8 months ago

0xA5DF marked the issue as unsatisfactory: Invalid