search

code-423n4 / 2024-05-loop-findings

4 stars 4 forks source link

Vulnerable tokens cannot be removed from the isTokenAllowed map #90

Closed howlbot-integration[bot] closed 3 months ago

howlbot-integration[bot] commented 4 months ago

Lines of code

https://github.com/code-423n4/2024-05-loop/blob/40167e469edde09969643b6808c57e25d1b9c203/src/PrelaunchPoints.sol#L364-L366

Vulnerability details

Impact

The isTokenAllowed map contains a whitelist of tokens permitted by the project team for users to lock, and tokens can be added to this whitelist through the allowToken function. However, the allowToken function can only add a specified token to the whitelist by setting isTokenAllowed[_token] to true; it does not have the capability to remove tokens from the whitelist by setting isTokenAllowed[_token] to false.

This could result in a scenario where if a token on the whitelist is found to have vulnerabilities, the PrelaunchPoints contract would not be able to remove that token from the whitelist. Consequently, users could still lock the vulnerable token in the contract, potentially exposing the PrelaunchPoints contract to attack, which in severe cases could lead to asset loss.

Tools Used

None

Recommended Mitigation Steps

To address the issue, the allowToken function could be modified as follows:

function allowToken(address _token, bool isAllowed) external onlyAuthorized {
    isTokenAllowed[_token] = isAllowed;
}

Assessed type

Other

0xd4n1el commented 4 months ago

This poses a critical risk for users in case of a malicious owner, since it can withdraw disallowed tokens

c4-judge commented 3 months ago

koolexcrypto marked the issue as primary issue

c4-judge commented 3 months ago

koolexcrypto marked the issue as unsatisfactory: Invalid