0xd4n1el
commented
5 months ago The if statement is correct
Closed howlbot-integration[bot] closed 5 months ago
0xd4n1el
commented
5 months ago The if statement is correct
c4-judge
commented
5 months ago koolexcrypto marked the issue as unsatisfactory: Invalid
Lines of code
https://github.com/code-423n4/2024-05-loop/blob/main/src/PrelaunchPoints.sol#L439
Vulnerability details
Impact
The vulnerability identified in the
_validateDatafunction of thePrelaunchPointscontract can lead to unintended contract behavior. Specifically, the contract will always revert with theWrongRecipienterror due to a misleading condition in the code. This can prevent expected functionality related to token swaps and recipient validation.Proof of Concept
The vulnerability can be found in the
_validateDatafunction within thePrelaunchPointscontract:The issue arises from the condition
recipient != address(this) && recipient != address(0), which expectsrecipientto be neither the contract's address (address(this)) nor the zero address (address(0)). However, this condition does not align with the expected behavior of therecipientvariable in the context of token swaps.Impact of the Vulnerability:
truedue to the nature of recipient addresses used in token swap operations.WrongRecipienterror, regardless of the actual recipient address.Tools Used
Manual Review
Recommended Mitigation Steps
To mitigate this vulnerability, the condition in the
_validateDatafunction regarding therecipientaddress check should be revised to align with the actual use case of the recipient address in token swap scenarios. Considerations for valid recipient addresses in token swaps should be made to ensure smooth contract functionality without unnecessary reverts.Assessed type
Invalid Validation