Closed c4-bot-9 closed 4 months ago
Lines of code
https://github.com/code-423n4/2024-06-thorchain/blob/e3fd3c75ff994dce50d6eb66eb290d467bd494f5/chain/ethereum/contracts/THORChain_Router.sol#L209
Vulnerability details
Impact
There is a check missing in transferOutV5, due to which a msg.sender who does not hold the appropriate allowance could potentially change the balance even though the mapping is private, breaking one of the core invariants of this contract.
Proof of Concept
https://github.com/code-423n4/2024-06-thorchain/blob/e3fd3c75ff994dce50d6eb66eb290d467bd494f5/chain/ethereum/contracts/THORChain_Router.sol#L216
Tools Used
Manual review
Recommended Mitigation Steps
Introduce a check that makes sure that only appropriate users can change the mapping.
Assessed type
Other