search

code-423n4 / 2024-03-revert-lend-findings

4 stars 4 forks source link

Permits have built-in replay protection and can be submitted by anyone, they can be frontrun. #100

Open c4-bot-5 opened 3 months ago

c4-bot-5 commented 3 months ago

Lines of code

https://github.com/code-423n4/2024-03-revert-lend/blob/main/src/V3Vault.sol#L423

Vulnerability details

Impact

Permits have built-in replay protection and can be submitted by anyone, they can be frontrun.

openZeppelin suggestion:

https://github.com/OpenZeppelin/openzeppelin-contracts/blob/932fddf69a699a9a80fd2396fd1a2ab91cdda123/contracts/token/ERC20/extensions/IERC20Permit.sol#L16-L32

Tools Used

vsocde

Recommended Mitigation Steps

function doThingWithPermit(..., uint256 value, uint256 deadline, uint8 v, bytes32 r, bytes32 s) public {
    try token.permit(msg.sender, address(this), value, deadline, v, r, s) {} catch {}
     doThing(..., value);
 }

function doThing(..., uint256 value) public {
  token.safeTransferFrom(msg.sender, address(this), value);
    ...
}

Assessed type

ERC20

c4-pre-sort commented 3 months ago

0xEVom marked the issue as duplicate of #229

c4-pre-sort commented 3 months ago

0xEVom marked the issue as insufficient quality report

c4-judge commented 3 months ago

jhsagd76 changed the severity to QA (Quality Assurance)

c4-judge commented 3 months ago

jhsagd76 marked the issue as grade-a

c4-judge commented 3 months ago

jhsagd76 marked the issue as grade-b