Closed c4-bot-2 closed 6 months ago
raymondfam marked the issue as sufficient quality report
raymondfam marked the issue as duplicate of #18
raymondfam marked the issue as duplicate of #575
HickupHH3 changed the severity to 3 (High Risk)
HickupHH3 marked the issue as satisfactory
Lines of code
https://github.com/code-423n4/2024-02-ai-arena/blob/cd1a0e6d1b40168657d1aaee8223dc050e15f8cc/src/GameItems.sol#L208 https://github.com/code-423n4/2024-02-ai-arena/blob/cd1a0e6d1b40168657d1aaee8223dc050e15f8cc/src/GameItems.sol#L291
Vulnerability details
Summary:
The GameItems contract represents a collection of game items used in AI Arena. These items are created by the admin calling the createGameItem function. A key feature of these items is the admin's ability to designate whether an item is transferable, a setting initially defined upon creation and adjustable thereafter. To enforce this, the GameItems contract overrides the safeTransferFrom function in the ERC1155 standard, introducing a transferability check.
However, the contract fails to apply the same restrictions to the safeBatchTransferFrom function, another transfer method provided by ERC1155. This oversight allows users to bypass the intended transfer restrictions.
Impact:
This enables users to bypass the set transfer restrictions on game items by employing the safeBatchTransferFrom method. This loophole may lead to various issues or losses for the protocol, especially if the non-transferability of an item was intended to prevent specific actions or outcomes.
Proof Of Concept
Tools Used:
Recommendation:
To align all transfer methods with the protocol's requirements, add the following function to the GameItems contract. This function will override the other safeBatchTransferFrom function, incorporating checks to prevent any bypassing of transfer restrictions:
Assessed type
Other