This contract is vulnerable to unauthorized access allowing attackers to perform malicious activity like draining tokens from the contract due to lack of proper access control
Proof of Concept
If an attacker calls the function manageTokens() with malicious input parameters including a token address and a trade kind, it would result in a critical compromise of the contract e.g
Now when you call the vulnerable functions with these malicious parameters the attacker gets to compromise the contract and drain tokens from the contract as the function will execute the token management operation without validating the attacker's authorization
Tools Used
Slither auditing tool
Recommended Mitigation Steps
To mitigate this vulnerability onlyAuthorized modifier should be used to prevent prevent unauthorized access.
A require statement should also be included to check if the token management is authorized
function manageTokens(IERC20[] calldata erc20s, TradeKind[] calldata kinds) external onlyAuthorized nonReentrant notTradingPausedorFrozen {
require(erc20s.length == kinds.length, "Invalid input lengths");
for (uint256 I= 0; i < erc20s.length; i++) {
require(erc20s[i].isAuthorized(msg.sender), "Unauthorized token access");
}
// token management code continues here
}
Lines of code
https://github.com/code-423n4/2024-07-reserve/blob/3f133997e186465f4904553b0f8e86ecb7bbacbf/contracts/p1/RevenueTrader.sol#L109-L113
Vulnerability details
Impact
This contract is vulnerable to unauthorized access allowing attackers to perform malicious activity like draining tokens from the contract due to lack of proper access control
Proof of Concept
If an attacker calls the
function manageTokens()
with malicious input parameters including a token address and a trade kind, it would result in a critical compromise of the contract e.gNow when you call the vulnerable functions with these malicious parameters the attacker gets to compromise the contract and drain tokens from the contract as the function will execute the token management operation without validating the attacker's authorization
Tools Used
Slither auditing tool
Recommended Mitigation Steps
To mitigate this vulnerability
onlyAuthorized
modifier should be used to prevent prevent unauthorized access. Arequire
statement should also be included to check if the token management is authorizedAssessed type
Access Control