Closed c4-bot-4 closed 5 months ago
dmvt marked the issue as primary issue
0xRektora (sponsor) acknowledged
0xRektora marked the issue as disagree with severity
Informational. This was made purposefully. Deployment/setup are done in the same Tx.
dmvt changed the severity to QA (Quality Assurance)
dmvt marked the issue as grade-b
Lines of code
https://github.com/Tapioca-DAO/tap-token//blob/20a83b1d2d5577653610a6c3879dff9df4968345/contracts/options/oTAP.sol#L107-L110 https://github.com/Tapioca-DAO/tap-token//blob/20a83b1d2d5577653610a6c3879dff9df4968345/contracts/option-airdrop/aoTAP.sol#L117-L120
Vulnerability details
Impact
The brokerClaim function of oTAP and aoTAP can be called by anyone and become the broker, and the broker can mint oTAP and aoTAP at will. Although the deployer can manually call them when deploying the contract, this is not a good practice
Proof of Concept
https://github.com/Tapioca-DAO/tap-token//blob/20a83b1d2d5577653610a6c3879dff9df4968345/contracts/options/oTAP.sol#L107-L110 https://github.com/Tapioca-DAO/tap-token//blob/20a83b1d2d5577653610a6c3879dff9df4968345/contracts/option-airdrop/aoTAP.sol#L117-L120
Tools Used
None
Recommended Mitigation Steps
It is recommended to set the broker in the constructor of oTAP and aoTAP
Assessed type
Context