Non-whitelist addresses could pass the whitelist check in checkWhitelist.
Proof of Concept
The check at line 216 is incorrect and can let non-whitelisted addresses pass the whitelist check. At line 216, if _allowedWhitelistIndex > 0 && _whitelistIndex[to] == 0, neither revert condition holds, so the to address passes the check and the call does not revert. However, the to address is clearly not whitelisted, since _whitelistIndex[to] == 0.
204: function checkWhitelist(address from, address to, uint256 amount) external onlyVultisig {
205:     if (from == _pool && to != owner()) {
206:         // We only add limitations for buy actions via uniswap v3 pool
207:         // Still need to ignore WL check if it's owner related actions
208:         if (_locked) {
209:             revert Locked();
210:         }
211:
212:         if (_isBlacklisted[to]) {
213:             revert Blacklisted();
214:         }
215:
216:@>       if (_allowedWhitelistIndex == 0 || _whitelistIndex[to] > _allowedWhitelistIndex) {
217:             revert NotWhitelisted();
218:         }
219:
220:         // // Calculate rough ETH amount for VULT amount
221:         uint256 estimatedETHAmount = IOracle(_oracle).peek(amount);
222:         if (_contributed[to] + estimatedETHAmount > _maxAddressCap) {
223:             revert MaxAddressCapOverflow();
224:         }
225:
226:         _contributed[to] += estimatedETHAmount;
227:     }
228: }
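The index check at line 216, modelled as an added example (not code from the report or the Vultisig repository): the reported condition beside a variant that also rejects index 0. Only _whitelistIndex and _allowedWhitelistIndex come from the contract above; the contract name, the helper functions, the 1-based index assignment and the hardened condition are assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

/// Added example: minimal model of the index check at line 216 of Whitelist.sol.
/// Only _whitelistIndex and _allowedWhitelistIndex mirror the audited contract;
/// every other name is hypothetical.
contract WhitelistIndexCheckModel {
    error NotWhitelisted();

    mapping(address => uint256) private _whitelistIndex; // 0 = never added
    uint256 private _allowedWhitelistIndex;
    uint256 private _whitelistCount;

    // Hypothetical helper (no access control in this model): indexes start at 1.
    function addWhitelisted(address account) external {
        if (_whitelistIndex[account] == 0) {
            _whitelistIndex[account] = ++_whitelistCount;
        }
    }

    // Hypothetical setter for the highest index currently allowed to buy.
    function setAllowedWhitelistIndex(uint256 newIndex) external {
        _allowedWhitelistIndex = newIndex;
    }

    /// Condition exactly as reported: an address with index 0 is never greater
    /// than _allowedWhitelistIndex, so it does not revert once that index is > 0.
    function checkAsReported(address to) external view {
        if (_allowedWhitelistIndex == 0 || _whitelistIndex[to] > _allowedWhitelistIndex) {
            revert NotWhitelisted();
        }
    }

    /// Hardened variant (assumed fix): index 0 is treated as "not whitelisted".
    function checkHardened(address to) external view {
        uint256 index = _whitelistIndex[to];
        if (_allowedWhitelistIndex == 0 || index == 0 || index > _allowedWhitelistIndex) {
            revert NotWhitelisted();
        }
    }

    /// Reports whether `to` gets through each variant without reverting.
    function passes(address to) external view returns (bool reported, bool hardened) {
        try this.checkAsReported(to) { reported = true; } catch {}
        try this.checkHardened(to) { hardened = true; } catch {}
    }
}
```

After setAllowedWhitelistIndex is called with a non-zero value, passes on an address that was never added shows the reported check letting it through while the hardened check reverts.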
Lines of code
https://github.com/code-423n4/2024-06-vultisig/blob/main/hardhat-vultisig/contracts/Whitelist.sol#L204-L228
Tools Used
VSCode
Recommended Mitigation Steps
Assessed type
Invalid Validation