Open c4-bot-5 opened 6 months ago
gzeon-c4 marked the issue as satisfactory
Lines of code
Vulnerability details
C4 Issue
H-02: An attacker is able to hijack any ERC721 / ERC1155 he borrows because guard is missing validation on the address supplied to function call setFallbackHandler()
Comments
Safe owners were able to set a fallback handler for their wallets. With that they were able to call any function on any contract as it bypassed the Guard checks. They could for example transfer NFTs out of the wallet.
Mitigation
PR-4: setFallbackHandler() was disabled
0xf08a0323 function signature corresponds to the expected: cast sig "setFallbackHandler(address)".
Factory contract. Setup can't be called twice.
Conclusions
Successful Mitigation