Open howlbot-integration[bot] opened 2 months ago
koolexcrypto marked the issue as not a duplicate
koolexcrypto marked the issue as primary issue
koolexcrypto marked the issue as satisfactory
koolexcrypto marked the issue as selected for report
Hi @koolexcrypto Sorry for dropping a comment now, but this is a completely invalid issue. The entropySlots will be initialized just after the deployment. This is confirmed by the deploy script.
Please check this for more context:
https://github.com/code-423n4/2024-07-traitforge-validation/issues/945
Thanks @koolexcrypto. The validity of this issue is based on the timeframe after deployment where the entropies are not initialized, as stated by the sponsor:
this is a valid issue as there could be a timeframe where there is not initialised entropy. better yet, we should put a batch in constructor to be sure of mitigation.
However, this information was not accessible during the contest and the deployment script I pointed out above contradicts this fact and demonstrates that entropies will be initiated just after the deployment.
Thanks for considering this one more time.
I will not drop further comments.
Lines of code
https://github.com/code-423n4/2024-07-traitforge/blob/main/contracts/EntropyGenerator/EntropyGenerator.sol#L103
Vulnerability details
Title
Potential Uninitialized entropySlots Reading in getNextEntropy
Impact
The getNextEntropy function can be called at any time without waiting for the write entropy batches process to finish. This could lead to the function returning an uninitialized entropy value of 000000, resulting in users losing funds to mint useless tokens and not being eligible for future airdrops as they get 0 shares. This vulnerability can severely impact the users' trust and the protocol's functionality.
Proof of Concept
POC
Apply the following POC via git apply POC.patch and run yarn test. The test confirms getNextEntropy did return entropy 0 instead of revert.
Tools Used
Hardhat
Recommended Mitigation Steps
Only allow getNextEntropy call if currentSlotIndex < lastInitializedIndex to ensure that the entropy slots are properly initialized:
Assessed type
Other
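The read-before-initialisation window and the recommended guard, shown as an added example in a simplified model; this is not the TraitForge contract and not code from the report. Only entropySlots, getNextEntropy, currentSlotIndex and lastInitializedIndex come from the page; the sizes, the packing scheme, writeEntropyBatch, getNextEntropyUnguarded and the custom error are assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Simplified model written for this example; NOT the TraitForge contract.
// Sizes, packing and helper names are assumptions (see lead-in).
contract EntropyModel {
    uint256 private constant SLOTS = 6;             // assumed, kept small
    uint256 private constant BATCH = 2;             // slots written per batch call
    uint256 private constant NUMBERS_PER_SLOT = 13; // six-digit groups read per slot

    uint256[SLOTS] private entropySlots; // every slot is 0 until a batch writes it
    uint256 public lastInitializedIndex; // first slot that has NOT been written yet
    uint256 public currentSlotIndex;
    uint256 public currentNumberIndex;

    error EntropyNotInitialized(uint256 slot, uint256 initializedUpTo);

    // Stand-in for the batched initialisation that runs after deployment.
    function writeEntropyBatch() external {
        uint256 end = lastInitializedIndex + BATCH;
        require(end <= SLOTS, "all batches written");
        for (uint256 i = lastInitializedIndex; i < end; i++) {
            entropySlots[i] = uint256(keccak256(abi.encodePacked(block.number, i)));
        }
        lastInitializedIndex = end;
    }

    // Unguarded read: before the first batch the slot is 0, so the result is 0.
    function getNextEntropyUnguarded() external returns (uint256) {
        return _consume();
    }

    // Guarded read: reverts instead of serving a value from an unwritten slot.
    function getNextEntropy() external returns (uint256) {
        if (currentSlotIndex >= lastInitializedIndex) {
            revert EntropyNotInitialized(currentSlotIndex, lastInitializedIndex);
        }
        return _consume();
    }

    // Extract the next six-digit group and advance the cursor.
    function _consume() private returns (uint256 entropy) {
        entropy = (entropySlots[currentSlotIndex] / uint256(10) ** (6 * currentNumberIndex)) % 1_000_000;
        if (++currentNumberIndex == NUMBERS_PER_SLOT) {
            currentNumberIndex = 0;
            currentSlotIndex++;
        }
    }
}
```

Called before any writeEntropyBatch, getNextEntropyUnguarded returns 0 while getNextEntropy reverts with EntropyNotInitialized; after a batch, both serve values from written slots only as long as the cursor stays below lastInitializedIndex.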