code-423n4 / 2024-02-ai-arena-findings


`setUpAirdrop` overwrites existing value instead of increasing it #825

Closed c4-bot-3 closed 8 months ago

c4-bot-3 commented 9 months ago

Lines of code

https://github.com/code-423n4/2024-02-ai-arena/blob/main/src/Neuron.sol#L127

Vulnerability details

Impact

Users can lose their current allowance by receiving an airdrop

Proof of Concept

The current setUpAirdrop implementation is flawed as it simply overwrites the current allowance for said users.

    function setupAirdrop(address[] calldata recipients, uint256[] calldata amounts) external {
        require(isAdmin[msg.sender]);
        require(recipients.length == amounts.length);
        uint256 recipientsLength = recipients.length;
        for (uint32 i = 0; i < recipientsLength; i++) {
            // _approve sets the allowance to amounts[i]; any allowance the
            // recipient already had from treasuryAddress is replaced, not added to
            _approve(treasuryAddress, recipients[i], amounts[i]);
        }
    }

This is problematic as the user could've previously had an approval from the treasury address and it would get overwritten (lost).

This could be the case if there are for example 2 airdrops and the same user is eligible for both of them. The 2nd one will overwrite the first one's value and the user will claim only the 2nd one.

Tools Used

manual review

Recommended Mitigation Steps

Instead of overwriting the approval, increase it.

Assessed type

Error
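Added illustration, not code from the issue or from the AI Arena repository: a minimal stand-in contract that shows the overwriting loop from the finding next to the accumulating variant it recommends. It assumes Neuron inherits OpenZeppelin's ERC20 (so `_approve` and `allowance` are available) and keeps the `isAdmin` and `treasuryAddress` names from the finding; the contract name and constructor are made up for the demo.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

import "@openzeppelin/contracts/token/ERC20/ERC20.sol";

/// Demo contract (assumption: same ERC20 base as Neuron.sol) contrasting the
/// overwriting airdrop setup with one that adds to the existing allowance.
contract AirdropDemo is ERC20 {
    mapping(address => bool) public isAdmin;
    address public treasuryAddress;

    constructor(address treasury) ERC20("Demo", "DMO") {
        treasuryAddress = treasury;
        isAdmin[msg.sender] = true;
    }

    /// Overwriting version (the behaviour reported in the finding).
    /// Two airdrops of 100 and 50 to the same recipient leave an allowance of 50:
    /// the second `_approve` replaces the first.
    function setupAirdropOverwrite(address[] calldata recipients, uint256[] calldata amounts) external {
        require(isAdmin[msg.sender]);
        require(recipients.length == amounts.length);
        for (uint32 i = 0; i < recipients.length; i++) {
            _approve(treasuryAddress, recipients[i], amounts[i]);
        }
    }

    /// Accumulating version (the recommended mitigation).
    /// The same two airdrops leave an allowance of 150, so a recipient eligible
    /// for several airdrops keeps every grant.
    function setupAirdropAccumulate(address[] calldata recipients, uint256[] calldata amounts) external {
        require(isAdmin[msg.sender]);
        require(recipients.length == amounts.length);
        for (uint32 i = 0; i < recipients.length; i++) {
            uint256 current = allowance(treasuryAddress, recipients[i]);
            // checked arithmetic in ^0.8.0 reverts on overflow instead of wrapping
            _approve(treasuryAddress, recipients[i], current + amounts[i]);
        }
    }
}
```

With the accumulating variant an admin can no longer lower or reset a recipient's allowance through this function, so a project adopting it needs a separate, access-controlled path for corrections.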

c4-pre-sort commented 8 months ago

raymondfam marked the issue as insufficient quality report

c4-pre-sort commented 8 months ago

raymondfam marked the issue as duplicate of #31

c4-judge commented 8 months ago

HickupHH3 changed the severity to QA (Quality Assurance)

HickupHH3 commented 8 months ago

1R

c4-judge commented 8 months ago

HickupHH3 marked the issue as grade-c