Closed c4-bot-7 closed 8 months ago
https://github.com/code-423n4/2023-12-autonolas/blob/2a095eb1f8359be349d23af67089795fb0be4ed1/tokenomics/contracts/Treasury.sol#L406https://github.com/code-423n4/2023-12-autonolas/blob/2a095eb1f8359be349d23af67089795fb0be4ed1/tokenomics/contracts/Treasury.sol#L257 https://github.com/code-423n4/2023-12-autonolas/blob/2a095eb1f8359be349d23af67089795fb0be4ed1/tokenomics/contracts/Dispenser.sol#L104 https://github.com/code-423n4/2023-12-autonolas/blob/2a095eb1f8359be349d23af67089795fb0be4ed1/tokenomics/contracts/Treasury.sol#L298 https://github.com/code-423n4/2023-12-autonolas/blob/2a095eb1f8359be349d23af67089795fb0be4ed1/tokenomics/contracts/Tokenomics.sol#L1067
Double Topup via claimOwnerIncentives-> depositServiceDonationsETH -> checkpoint -> claimOwnerIncentives loop
claimOwnerIncentives
depositServiceDonationsETH
checkpoint
-> Deploys Attacking Smart Contract -> Executes 1st transaction via Attacking Contract to trigger depositServiceDonationsETH -> Execute 2nd transaction via Attacking Contract to trigger:
Executes 1st transaction
Attacking Contract
Execute 2nd transaction
1st
Manual review
Add x entrancy checks
Reentrancy
alex-ppg marked the issue as insufficient quality report
dmvt marked the issue as unsatisfactory: Insufficient proof
dmvt marked the issue as unsatisfactory: Overinflated severity
Lines of code
https://github.com/code-423n4/2023-12-autonolas/blob/2a095eb1f8359be349d23af67089795fb0be4ed1/tokenomics/contracts/Treasury.sol#L406https://github.com/code-423n4/2023-12-autonolas/blob/2a095eb1f8359be349d23af67089795fb0be4ed1/tokenomics/contracts/Treasury.sol#L257 https://github.com/code-423n4/2023-12-autonolas/blob/2a095eb1f8359be349d23af67089795fb0be4ed1/tokenomics/contracts/Dispenser.sol#L104 https://github.com/code-423n4/2023-12-autonolas/blob/2a095eb1f8359be349d23af67089795fb0be4ed1/tokenomics/contracts/Treasury.sol#L298 https://github.com/code-423n4/2023-12-autonolas/blob/2a095eb1f8359be349d23af67089795fb0be4ed1/tokenomics/contracts/Tokenomics.sol#L1067
Vulnerability details
Impact
Double Topup via
claimOwnerIncentives
->depositServiceDonationsETH
->checkpoint
->claimOwnerIncentives
loopProof of Concept
-> Deploys Attacking Smart Contract ->
Executes 1st transaction
viaAttacking Contract
to triggerdepositServiceDonationsETH
->Execute 2nd transaction
viaAttacking Contract
to trigger:claimOwnerIncentives
// for 1st topup [ 1 ]depositServiceDonationsETH
on fallback // to update service lastespoch & pendingTopup [ 2 ]checkpoint
on fallback //to update epoch [ 3 ]1st
claimOwnerIncentives
completesclaimOwnerIncentives
again //for 2nd topup [ 4 ]Tools Used
Manual review
Recommended Mitigation Steps
Add x entrancy checks
Assessed type
Reentrancy