Closed c4-bot-4 closed 2 months ago
koolexcrypto marked the issue as unsatisfactory: Invalid
This is mentioned in the Bot report.
[L-4] External call recipient may consume all transaction gas
Hi @koolexcrypto, thanks for taking another look at this report!
I would like to add another comment regarding this report.
This report was similar to the validation repo's #769, which is now brought to the findings repo as #1053. This report, #1053, and the duplicates of #1053 describe that a malicious `forgerOwner` can DOS the merger's `forgeWithListed` function call at the `forgerOwner`'s will, such as by conditionally reverting its `receive` function. This report is not about the `forgerOwner` consuming all transaction gas.

Can this report be a duplicate of #1053?
I hope this finding along with the other mentioned finding won't be validated, they are at most QA. It's the same as the user frontrunning and cancelling his order, same impact and likelihood but that is obviously not valid as well, it's just common sense and not of any significance.
https://github.com/code-423n4/2024-07-traitforge-findings/issues/1053 was moved to the main repo, it doesn't mean it is valid automatically. As you can see, later it got invalidated
Lines of code
https://github.com/code-423n4/2024-07-traitforge/blob/549e6891a6fcac4eed095b305f5cce8ca166ce51/contracts/EntityForging/EntityForging.sol#L102-L175
Vulnerability details
Impact
A `forgerOwner` can DOS another user's `forgeWithListed` function call when he does not want such user to use his listed forger token for forging, even though such user should be allowed to forge with any forger token that is already listed.

Proof of Concept
When calling the following `forgeWithListed` function, `(bool success_forge, ) = forgerOwner.call{ value: forgerShare }('')` is executed, which calls the `forgerOwner`'s `receive` function if the `forgerOwner` is a contract. In such `receive` function, the `forgerOwner` can conditionally revert it if he does not want the caller of the `forgeWithListed` function to use his listed forger token for forging, which causes such caller's `forgeWithListed` function call to be DOS'ed.

https://github.com/code-423n4/2024-07-traitforge/blob/549e6891a6fcac4eed095b305f5cce8ca166ce51/contracts/EntityForging/EntityForging.sol#L102-L175
Tools Used
Manual Review
Recommended Mitigation Steps
Instead of reverting the `forgeWithListed` function call, such function can be updated to send `forgerShare` in WETH to the `forgerOwner` if executing `forgerOwner.call{ value: forgerShare }('')` reverts.

Assessed type

DoS
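The revert-on-failure payout beside the WETH-fallback payout the report recommends, as an added illustration that is not the TraitForge EntityForging code: the contract names, the `require` wording, the `IWETH` surface and the gas cap value are all assumptions made for the example.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Minimal WETH surface needed here: deposit() wraps msg.value for the caller.
interface IWETH {
    function deposit() external payable;
    function transfer(address to, uint256 amount) external returns (bool);
}

// A forgerOwner contract that blocks any ETH payout by reverting in receive().
// This is the page's scenario; it exists only to exercise the two payout paths.
contract RevertingOwner {
    receive() external payable { revert("no ETH accepted"); }
}

// Hypothetical, simplified stand-in for the payout step of forgeWithListed.
contract ForgePayoutExample {
    IWETH public immutable weth;
    event ForgerPaid(address indexed forgerOwner, uint256 amount, bool inWeth);

    constructor(IWETH weth_) { weth = weth_; }

    // Pattern the report describes: the ETH call's failure reverts the whole
    // forge, so a forgerOwner contract decides at will whether the caller may forge.
    function forgeRevertOnFailure(address forgerOwner) external payable {
        (bool success_forge, ) = forgerOwner.call{ value: msg.value }('');
        require(success_forge, "Failed to send to forge owner");
        emit ForgerPaid(forgerOwner, msg.value, false);
    }

    // Report's mitigation: if the ETH send fails, wrap the share into WETH and
    // transfer the ERC-20 instead. WETH.transfer is a plain balance update, so a
    // hostile receive() cannot block it. The gas cap is an illustrative value
    // (assumption) that also bounds how much of the transaction's gas the
    // recipient can burn, which is the bot report's separate L-4 point.
    function forgeWithWethFallback(address forgerOwner) external payable {
        uint256 forgerShare = msg.value;
        (bool success_forge, ) = forgerOwner.call{ value: forgerShare, gas: 50_000 }('');
        if (success_forge) {
            emit ForgerPaid(forgerOwner, forgerShare, false);
            return;
        }
        weth.deposit{ value: forgerShare }();
        require(weth.transfer(forgerOwner, forgerShare), "WETH transfer failed");
        emit ForgerPaid(forgerOwner, forgerShare, true);
    }
}
```

Deploying `RevertingOwner` and calling both functions with it as `forgerOwner` shows the first revert and the second succeed with the share credited as WETH.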