c4-bot-7 closed 7 months ago
bytes032 marked the issue as sufficient quality report
bytes032 marked the issue as duplicate of #122
alex-ppg marked the issue as duplicate of #19
alex-ppg marked the issue as unsatisfactory: Overinflated severity
Lines of code
https://github.com/code-423n4/2024-01-opus/blob/main/src/core/allocator.cairo#L136-L167
Vulnerability details
Impact
According to the allocation module implementation, it is evident that the total percent should be equal to RAY. But this can be violated by incorrectly passing duplicate recipients. This either blocks distribution of equalizer assets or distributes less than intended.
Proof of Concept
Corresponding Percentages of recipients:
Also, during distribution this will be blocked, as the distribution will be as follows:
Tools Used
Manual Review
Recommended Mitigation Steps
Enforce checks to validate that no duplicates are provided and the address is 0.
Assessed type
Invalid Validation
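The following is an added example, not part of the original report and not the project's Cairo code: a simplified Python model of an allocation setter, showing how a duplicate recipient can pass a sum-equals-RAY check and still leave an inconsistent allocation, next to a setter that rejects duplicates. The storage layout (recipient list kept by position, percentage kept per address), the function names and the sample addresses are assumptions made for illustration.

```python
# Assumed model: recipients are stored by position, percentages per address,
# so a repeated address overwrites its earlier percentage.
RAY = 10**27  # fixed-point representation of 100%

# Constructed sample input: address 0xA appears twice, inputs sum to RAY.
DUP_RECIPIENTS = [0xA, 0xB, 0xA]
DUP_PERCENTAGES = [30 * RAY // 100, 30 * RAY // 100, 40 * RAY // 100]


class AllocationError(ValueError):
    pass


def set_allocation_unchecked(recipients, percentages):
    """Checks only array lengths and that the inputs sum to RAY."""
    if not recipients or len(recipients) != len(percentages):
        raise AllocationError("array length mismatch")
    if sum(percentages) != RAY:
        raise AllocationError("sum(percentages) != RAY")
    stored = {}
    for addr, pct in zip(recipients, percentages):
        stored[addr] = pct  # duplicate address: later value replaces earlier
    return list(recipients), stored


def set_allocation_checked(recipients, percentages):
    """Same checks, plus rejection of duplicate recipients."""
    seen = set()
    for addr in recipients:
        if addr in seen:
            raise AllocationError(f"duplicate recipient {addr:#x}")
        seen.add(addr)
    return set_allocation_unchecked(recipients, percentages)


def payout_total(recipients, stored):
    """Share paid when a distributor walks the stored recipient list."""
    return sum(stored[addr] for addr in recipients)


def stored_total(stored):
    """Share covered by the distinct stored percentages."""
    return sum(stored.values())
```

With the constructed input, walking the recipient list pays 110% of RAY (a transfer that cannot be fully funded), while the distinct stored percentages cover only 70%, which corresponds to the two outcomes named under Impact.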