Closed c4-bot-7 closed 6 months ago
bytes032 marked the issue as insufficient quality report
The Warden specifies that input sanitization is missing in an administrator function; such findings cannot constitute HM vulnerabilities per the relevant SC verdict.
alex-ppg marked the issue as unsatisfactory: Overinflated severity
Lines of code
https://github.com/code-423n4/2024-01-opus/blob/4720e9481a4fb20f4ab4140f9cc391a23ede3817/src/core/seer.cairo#L135-L154
Vulnerability details
Impact
The set_oracles function allows setting oracle addresses to zero, potentially leading to unexpected behavior and security vulnerabilities. Attackers could exploit this vulnerability to manipulate the oracle addresses, affecting the normal operation of the smart contract.
Proof of Concept
https://github.com/code-423n4/2024-01-opus/blob/4720e9481a4fb20f4ab4140f9cc391a23ede3817/src/core/seer.cairo#L135-L154
line 142 can set oracle address zero.
File: /code4rena/2024-01-opus/src/core/seer.cairo 135: fn set_oracles(ref self: ContractState, mut oracles: Span) {
136: self.access_control.assert_has_role(seer_roles::SET_ORACLES);
137:
138: let mut index: u32 = LOOP_START;
139: loop {
140: match oracles.pop_front() {
141: Option::Some(oracle) => {
142: self.oracles.write(index, IOracleDispatcher { contract_address: *oracle }); // bug,may be zero address
143: index += 1;
144: },
Tools Used
Manual review
Recommended Mitigation Steps
assert(oracle.is_non_zero() ,'Address cannot be 0');
Assessed type
Other