code-423n4 / 2024-01-opus-findings

Oracle Address Zero Vulnerability #41

Closed c4-bot-7 closed 6 months ago

c4-bot-7 commented 7 months ago

Lines of code

https://github.com/code-423n4/2024-01-opus/blob/4720e9481a4fb20f4ab4140f9cc391a23ede3817/src/core/seer.cairo#L135-L154

Vulnerability details

Impact

The set_oracles function allows setting oracle addresses to zero, potentially leading to unexpected behavior and security vulnerabilities. Attackers could exploit this vulnerability to manipulate the oracle addresses, affecting the normal operation of the smart contract.

Proof of Concept

https://github.com/code-423n4/2024-01-opus/blob/4720e9481a4fb20f4ab4140f9cc391a23ede3817/src/core/seer.cairo#L135-L154

Line 142 can set the oracle address to zero.

File: /code4rena/2024-01-opus/src/core/seer.cairo
135: fn set_oracles(ref self: ContractState, mut oracles: Span<ContractAddress>) {
136:     self.access_control.assert_has_role(seer_roles::SET_ORACLES);
137:
138:     let mut index: u32 = LOOP_START;
139:     loop {
140:         match oracles.pop_front() {
141:             Option::Some(oracle) => {
142:                 self.oracles.write(index, IOracleDispatcher { contract_address: *oracle }); // bug, may be zero address
143:                 index += 1;
144:             },

Tools Used

Manual review

Recommended Mitigation Steps

assert(oracle.is_non_zero(), 'Address cannot be 0');

Assessed type

Other

c4-pre-sort commented 7 months ago

bytes032 marked the issue as insufficient quality report

alex-ppg commented 6 months ago

The Warden specifies that input sanitization is missing in an administrator function; such findings cannot constitute HM vulnerabilities per the relevant SC verdict.

c4-judge commented 6 months ago

alex-ppg marked the issue as unsatisfactory: Overinflated severity