if (operation == Enum.Operation.DelegateCall && !STORE.whitelistedDelegates(to)) {
    revert Errors.GuardPolicy_UnauthorizedDelegateCall(to);
}
Mitigation
// Implement strict controls for delegate calls
function _validateDelegateCall(address to) private view {
    require(STORE.whitelistedDelegates(to), "Delegate call not allowed to this address");
    // Pin the target to the code that was reviewed when the address was whitelisted.
    // address.codehash is EXTCODEHASH (EIP-1052), the hash of the code deployed at `to`;
    // keccak256(abi.encodePacked(to)) would only hash the 20-byte address itself.
    // STORE.knownGoodCodeHash is a getter this mitigation would add to the Storage
    // contract (it does not exist today); it returns the hash recorded at whitelist time.
    bytes32 codeHash = to.codehash;
    require(codeHash == STORE.knownGoodCodeHash(to), "Unknown or changed delegate call target");
}
// Use the new validation function in the check
if (operation == Enum.Operation.DelegateCall) {
    _validateDelegateCall(to);
}
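As an added worked example (not re-nft's code and not part of the original report), the pair of contracts below shows the whole pattern: an admin registers a delegate target and its code hash is snapshotted, and the guard later rejects a delegate call whenever the live code hash no longer matches. DelegateRegistry (standing in for STORE), DelegateGuard, pinDelegate, pinnedCodeHash and the custom errors are all assumed names for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Hypothetical registry, assumed for this example; it plays the role of STORE.
contract DelegateRegistry {
    address public immutable admin;

    // Whitelisted delegatecall targets, keyed by address and pinned to the
    // code hash observed when the admin registered them.
    mapping(address => bytes32) private _pinnedCodeHash;

    // EXTCODEHASH of an existing account that has no code (e.g. an EOA).
    bytes32 private constant EMPTY_CODE_HASH = keccak256("");

    error NotAdmin();
    error NoCodeAtTarget(address target);

    constructor() {
        admin = msg.sender;
    }

    // Whitelist `target` and record the hash of the code currently deployed there.
    function pinDelegate(address target) external {
        if (msg.sender != admin) revert NotAdmin();
        bytes32 h = target.codehash;
        // EIP-1052: 0 for a non-existent account, keccak256("") for an account
        // with no code. Neither is a contract we can meaningfully delegate to.
        if (h == bytes32(0) || h == EMPTY_CODE_HASH) revert NoCodeAtTarget(target);
        _pinnedCodeHash[target] = h;
    }

    // Remove a target, or call pinDelegate again after a reviewed upgrade to re-pin.
    function unpinDelegate(address target) external {
        if (msg.sender != admin) revert NotAdmin();
        delete _pinnedCodeHash[target];
    }

    // Zero means "not whitelisted"; pinDelegate never stores zero.
    function pinnedCodeHash(address target) external view returns (bytes32) {
        return _pinnedCodeHash[target];
    }
}

// Hypothetical guard, assumed for this example; mirrors the shape of the check in Guard.sol.
contract DelegateGuard {
    enum Operation { Call, DelegateCall }

    DelegateRegistry public immutable registry;

    error UnauthorizedDelegateCall(address to);
    error DelegateCodeChanged(address to, bytes32 expected, bytes32 actual);

    constructor(DelegateRegistry r) {
        registry = r;
    }

    function _validateDelegateCall(address to) internal view {
        bytes32 expected = registry.pinnedCodeHash(to);
        // Address-level whitelist: unknown targets are rejected outright.
        if (expected == bytes32(0)) revert UnauthorizedDelegateCall(to);

        bytes32 actual = to.codehash;
        // Code-level check: a target that was replaced (for example selfdestructed and
        // redeployed at the same CREATE2 address with different bytecode) now has a
        // different hash, or hash 0 once its code is gone, and is rejected here.
        if (actual != expected) revert DelegateCodeChanged(to, expected, actual);
    }

    // The guard entry point: only the DelegateCall branch needs the extra validation.
    function checkTransaction(address to, Operation operation) external view {
        if (operation == Operation.DelegateCall) {
            _validateDelegateCall(to);
        }
    }
}
```

The trade-off to keep in mind is that pinning by code hash makes every change to a whitelisted target, including a legitimate upgrade, fail closed: the admin must re-pin the new hash before delegate calls to it succeed again. Note also that since Cancun (EIP-6780) selfdestruct only removes code within the contract's creation transaction, so the redeploy scenario mainly concerns chains without that change; the hash comparison is the same in both cases.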
Impact
A delegate call executes the target's code with the Guard's own storage and balance, so a target whose code is not the code that was whitelisted can overwrite the contract's state, drain funds or change the contract's behaviour. The mitigation adds a code-hash check on top of the existing address whitelist, so that only code matching a recorded hash is executed in that context. The cost is that a legitimate upgrade of a whitelisted target must be accompanied by an update of the recorded hash, or delegate calls to it will revert.
Lines of code
https://github.com/re-nft/smart-contracts/blob/3ddd32455a849c3c6dc3c3aad7a33a6c9b44c291/src/policies/Guard.sol#L324
Vulnerability details
The check at the referenced line confirms only that the target address is present in STORE.whitelistedDelegates. Because the whitelist is keyed by address rather than by the code deployed at that address, the check does not establish that the code executed in the Guard's context is the code that was reviewed when the address was whitelisted.
Assessed type
call/delegatecall