Closed howlbot-integration[bot] closed 3 months ago
This poses a security risk in case of malicious owner, since disallowedTokens can be withdrawn by owner
koolexcrypto changed the severity to QA (Quality Assurance)
koolexcrypto marked the issue as grade-c
Lines of code
https://github.com/code-423n4/2024-05-loop/blob/main/src/PrelaunchPoints.sol#L364
Vulnerability details
Impact
The PrelaunchPoints contract allows the owner to add support for new tokens to be locked using the
allowToken
function. However, there is no corresponding function to disallow or remove a previously allowed token. This could lead to a situation where a malicious or faulty token remains locked in the contract indefinitely, potentially causing loss of funds or unexpected behavior.Issue Description
The
allowToken
function is used by the owner to add a new token to the list of allowed tokens that can be locked in the PrelaunchPoints contract:https://github.com/code-423n4/2024-05-loop/blob/main/src/PrelaunchPoints.sol#L364
Once a token is allowed, users can call the
lock
orlockFor
functions to lock that token in the contract:The issue is that once a token is allowed, there is no way to disallow it. If a token that was previously considered safe turns out to be malicious or faulty (for example, if it has a hidden mint function that allows arbitrary inflation), the owner has no way to prevent further locking of that token.
This could lead to a situation where users continue to lock a bad token, potentially losing funds or causing unexpected behavior in the contract. Even if the owner detects the issue, they cannot stop the inflow of the bad token without deploying a new version of the contract.
Furthermore, if a significant amount of a malicious token gets locked before the issue is detected, those tokens will remain stuck in the contract indefinitely. This could impact the contract's ability to function properly and could also cause financial loss for users who locked the bad token.
Proof of Concept
Consider a scenario where the owner allows a new token
MaliciousToken
that seems safe at first:Users start locking
MaliciousToken
in the PrelaunchPoints contract:Later, it's discovered that
MaliciousToken
has a hidden mint function that allows arbitrary inflation. However, by this point, a significant amount ofMaliciousToken
has already been locked.The owner has no way to disallow further locking of
MaliciousToken
. Users who are unaware of the issue continue to lock the token, potentially losing funds.Moreover, the
MaliciousToken
that were locked before the issue was detected remain stuck in the PrelaunchPoints contract indefinitely.Tools Used
Manual code review
Recommended Mitigation Steps
Add a
disallowToken
function that allows the owner to remove a token from the allowed list:With this function, if a token is found to be malicious or faulty, the owner can immediately prevent further locking of that token.
Assessed type
ERC20