Closed by howlbot-integration[bot] 3 months ago
We assume the data is correct, so this should not happen; however, this can apply as QA to make the contract clearer.
koolexcrypto marked the issue as duplicate of #8
koolexcrypto changed the severity to 3 (High Risk)
koolexcrypto changed the severity to QA (Quality Assurance)
koolexcrypto marked the issue as grade-c
Lines of code
https://github.com/code-423n4/2024-05-loop/blob/40167e469edde09969643b6808c57e25d1b9c203/src/PrelaunchPoints.sol#L439
Vulnerability details
Impact
The _validateData function, which is meant to prevent loss of funds by verifying swap details before execution, allows the recipient address to be the zero address when the exchange is
_exchange == Exchange.UniswapV3
This could allow tokens to be sent to the zero address during the swap, resulting in a loss of funds.

Proof of Concept
1. A user initiates a claim with UniswapV3 as the exchange option.
2. _validateData decodes the provided _data parameter.
3. _validateData accepts a recipient extracted from _data that is the zero address, because the check is
if (recipient != address(this) && recipient != address(0)) { revert WrongRecipient(recipient); }
and the second clause of the condition lets address(0) pass without reverting.
4. If the recipient in _data is unintentionally the zero address, tokens are sent there irretrievably during the swap.
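The reported condition beside a hardened one, with a Foundry test showing that a zero recipient passes the original check and reverts once the check only accepts address(this). This is an added illustration, not the PrelaunchPoints source; the calldata layout (abi.encode(recipient)), the `Other` exchange member and the forge-std import are assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import {Test} from "forge-std/Test.sol"; // assumed Foundry dependency

// Constructed stand-in for the validation path, not the Loop contract itself.
contract RecipientValidation {
    enum Exchange { UniswapV3, Other } // "Other" is an assumed placeholder member
    error WrongRecipient(address recipient);

    bool public immutable strict; // true = hardened check, false = check as reported

    constructor(bool _strict) { strict = _strict; }

    // Constructed simplification: the swap data is just abi.encode(recipient).
    function _decodeRecipient(bytes calldata _data) internal pure returns (address) {
        return abi.decode(_data, (address));
    }

    function validateData(Exchange _exchange, bytes calldata _data) external view {
        if (_exchange != Exchange.UniswapV3) return;
        address recipient = _decodeRecipient(_data);
        if (strict) {
            // Hardened: the only acceptable recipient is this contract.
            if (recipient != address(this)) revert WrongRecipient(recipient);
        } else {
            // Condition as reported: address(0) satisfies the second clause and is accepted.
            if (recipient != address(this) && recipient != address(0)) revert WrongRecipient(recipient);
        }
    }
}

contract RecipientValidationTest is Test {
    function test_zeroRecipientPassesReportedCheck() public {
        RecipientValidation v = new RecipientValidation(false);
        // Does not revert: a zero recipient is accepted by the reported condition.
        v.validateData(RecipientValidation.Exchange.UniswapV3, abi.encode(address(0)));
    }

    function test_zeroRecipientRevertsWithHardenedCheck() public {
        RecipientValidation v = new RecipientValidation(true);
        vm.expectRevert(abi.encodeWithSelector(RecipientValidation.WrongRecipient.selector, address(0)));
        v.validateData(RecipientValidation.Exchange.UniswapV3, abi.encode(address(0)));
    }
}
```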
Tools Used
manual
Recommended Mitigation Steps
Assessed type
ERC20