Closed c4-bot-10 closed 8 months ago
raymondfam marked the issue as insufficient quality report
raymondfam marked the issue as duplicate of #688
MarioPoneder marked the issue as unsatisfactory: Insufficient proof
MarioPoneder marked the issue as unsatisfactory: Insufficient proof
Lines of code
https://github.com/code-423n4/2023-12-revolutionprotocol/blob/d42cc62b873a1b2b44f57310f9d4bbfdd875e8d6/packages/revolution/src/CultureIndex.sol#L209
Vulnerability details
Potential Risk: The
createPiece
function in theCultureIndex
contract takes two parameters:metadata
andcreatorArray
. While the function calls thevalidateCreatorsArray
andvalidateMediaType
functions to validate the input data, it does not verify whether the providedpieceId
is already used or whether it falls within a valid range. This could potentially lead to issues if the samepieceId
is reused or if it exceeds the expected range.Proof of Concept (PoC): Consider a scenario where a malicious user attempts to reuse an existing
pieceId
:// Existing piece with pieceId 1 ArtPieceMetadata memory existingMetadata; CreatorBps[] memory existingCreators;
// Attempt to create a new piece with the same pieceId createPiece(existingMetadata, existingCreators);
In this PoC, a malicious user attempts to create a new piece with the same
pieceId
as an existing one. ThecreatePiece
function does not have a check to prevent this, potentially leading to unexpected behavior.Recommended Mitigation Steps: To mitigate the risk of reusing existing
pieceId
values or exceeding valid ranges, consider adding a validation check for thepieceId
. Here's a recommended solution:function createPiece( ArtPieceMetadata calldata metadata, CreatorBps[] calldata creatorArray ) public returns (uint256) { uint256 creatorArrayLength = validateCreatorsArray(creatorArray);
}
In this solution:
pieceId
is within a valid range (less thanMAX_PIECE_ID
).pieceId
values and ensures that thepieceId
is within an expected range.By implementing this solution, you can enhance the input validation of the
createPiece
function and reduce the risk of issues related topieceId
values.Assessed type
Invalid Validation