code-423n4 / 2024-02-renft-mitigation-findings


M-05 MitigationConfirmed #51

Open c4-bot-10 opened 6 months ago

c4-bot-10 commented 6 months ago

Lines of code

Vulnerability details

Vulnerability

The original vulnerability involved a potential DoS attack when stopping a rental involving ERC-777 tokens. The root cause was the possibility that ERC-777 tokens could be used as payment tokens, which would have allowed a renter to revert in the tokensReceived() hook upon receiving payment for a PAY order, hence preventing the lender from recovering their assets.

Mitigation

A token whitelist for rentals and payments has been introduced. As per the mitigation documentation, no ERC-777 or other "non-standard" (e.g. with hooks) tokens will be whitelisted for payments. This approach prevents ERC-777 tokens from being used in the rental process, effectively addressing the original issue by eliminating the possibility of their involvement.

Suggestion

While the current mitigation effectively addresses the specific issue with ERC-777 tokens, it's important to ensure that all tokens used within the system are evaluated for similar vulnerabilities.

Conclusion

The mitigation effectively addresses the original vulnerability by excluding ERC-777 tokens from the rental process.
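As an added illustration of the whitelist pattern described in this finding (not reNFT's code; the contract, struct and function names below are invented), the following sketch gates the payment token at rental creation so that a token with receiver-side hooks can never become the token paid out when a PAY order is stopped:

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Hypothetical minimal sketch, not reNFT's implementation. Names are invented.
interface IERC20 {
    function transfer(address to, uint256 amount) external returns (bool);
}

contract PaymentTokenWhitelist {
    address public immutable admin;
    // Only tokens vetted to be plain ERC-20 (no transfer hooks) are set to true.
    mapping(address => bool) public paymentWhitelist;

    struct Rental { address lender; address renter; address payToken; uint256 payAmount; bool active; }
    mapping(uint256 => Rental) public rentals;
    uint256 public nextId;

    constructor() { admin = msg.sender; }

    function setPaymentToken(address token, bool allowed) external {
        require(msg.sender == admin, "not admin");
        paymentWhitelist[token] = allowed;
    }

    // The check lives at creation time: once a rental exists its payment token is known to
    // have no hooks, so stopRental cannot later be blocked by a tokensReceived() revert.
    function createRental(address renter, address payToken, uint256 payAmount) external returns (uint256 id) {
        require(paymentWhitelist[payToken], "payment token not whitelisted");
        id = nextId++;
        rentals[id] = Rental(msg.sender, renter, payToken, payAmount, true);
    }

    // In a PAY order the renter is paid when the rental stops. With an ERC-777 payment token the
    // renter's tokensReceived() hook could revert here and leave the lender's asset stuck.
    function stopRental(uint256 id) external {
        Rental storage r = rentals[id];
        require(r.active, "not active");
        require(msg.sender == r.lender, "not lender");
        r.active = false; // effects before interaction
        require(IERC20(r.payToken).transfer(r.renter, r.payAmount), "payment failed");
        // return of the rented asset to the lender would follow here
    }
}
```

The whitelist check belongs on the creation path rather than the stop path so that a token added by mistake cannot strand rentals that already exist.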

c4-judge commented 6 months ago

gzeon-c4 marked the issue as satisfactory

c4-judge commented 6 months ago

gzeon-c4 marked the issue as confirmed for report