c4-bot-6 commented 9 months ago

Lines of code

https://github.com/code-423n4/2024-02-spectra/blob/main/src/tokens/PrincipalToken.sol#L628 https://github.com/code-423n4/2024-02-spectra/blob/main/src/tokens/YieldToken.sol#L101

Vulnerability details

Impact

Passing an arbitrary from address to transferFrom (or safeTransferFrom) can lead to loss of funds, because anyone can transfer tokens from the from address if an approval is made.

Vulnerability Details

Found in src/tokens/PrincipalToken.sol Line: 628

        IERC20(ibt).safeTransferFrom(address(_receiver), address(this), _amount + fee);

Found in src/tokens/YieldToken.sol Line: 101

        return super.transferFrom(from, to, amount);

Proof of Concept

Tools Used

Manual Analysis

Assessed type

Token-Transfer

c4-pre-sort commented 9 months ago

gzeon-c4 marked the issue as insufficient quality report

gzeoneth commented 9 months ago

it need be a flashloan receiver

c4-judge commented 8 months ago

JustDravee marked the issue as unsatisfactory: Invalid

code-423n4 / 2024-02-spectra-findings

Arbitrary `from` passed to `transferFrom` (or `safeTransferFrom`) #267