code-423n4 / 2024-08-wildcat-findings


`HooksFactory#_deployMarket()` didn't check if `originationFeeAmount` is zero or not #94

Closed howlbot-integration[bot] closed 2 months ago

howlbot-integration[bot] commented 2 months ago

Lines of code

https://github.com/code-423n4/2024-08-wildcat/blob/main/src/HooksFactory.sol#L418-L424

Vulnerability details

Impact

Market deployment reverts if originationFeeAsset does not support 0 value transfer while originationFeeAmount is 0

Proof of Concept

The owner of ArchController can add a hook template by calling HooksFactory#addHooksTemplate(). A borrower can create their own hook instance with any active hook template. When a borrower launches a new market, they might need to pay an origination fee:

418:    if (originationFeeAsset != address(0)) {
419:      originationFeeAsset.safeTransferFrom(
420:        msg.sender,
421:        templateDetails.feeRecipient,
422:        originationFeeAmount
423:      );
424:    }

However, if originationFeeAsset does not support 0 value transfer, and originationFeeAmount is 0, originationFeeAsset.safeTransferFrom() will revert and the market deployment will fail.

Tools Used

Manual review

Recommended Mitigation Steps

Transfer originationFeeAsset only when originationFeeAmount is not 0:

-   if (originationFeeAsset != address(0)) {
+   if ((originationFeeAsset != address(0)) && (originationFeeAmount != 0)) {
      originationFeeAsset.safeTransferFrom(
        msg.sender,
        templateDetails.feeRecipient,
        originationFeeAmount
      );
    }
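
Review bot: the added `originationFeeAmount != 0` condition on the `+` line needs a comment and a test for the case it targets (fee asset set, fee amount 0), since nothing in the hunk explains why a transfer of 0 is skipped rather than attempted. The per-comparison parentheses can also go: `if (originationFeeAsset != address(0) && originationFeeAmount != 0) {` reads the same and matches the style of the line it replaces.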

Assessed type

Token-Transfer
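
The failure mode described in the report above, as an added example that is not part of the original issue or the Wildcat code base. `ZeroRevertToken` and `FeeCollector` are hypothetical constructs, and a plain `transferFrom` call stands in for `safeTransferFrom`:

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Constructed mock (not from the Wildcat repo): a token that rejects zero-value transfers.
contract ZeroRevertToken {
    mapping(address => uint256) public balanceOf;
    mapping(address => mapping(address => uint256)) public allowance;

    constructor() { balanceOf[msg.sender] = 1000e18; }

    function approve(address spender, uint256 amount) external returns (bool) {
        allowance[msg.sender][spender] = amount;
        return true;
    }

    function transferFrom(address from, address to, uint256 amount) external returns (bool) {
        require(amount != 0, "zero-value transfer");
        allowance[from][msg.sender] -= amount; // reverts on insufficient allowance (0.8 checked math)
        balanceOf[from] -= amount;
        balanceOf[to] += amount;
        return true;
    }
}

// Hypothetical harness that isolates only the fee-collection branch of market deployment.
contract FeeCollector {
    address public immutable feeRecipient;

    constructor(address recipient) { feeRecipient = recipient; }

    // Same condition as the snippet quoted from HooksFactory.sol L418-L424.
    function collectUnguarded(address feeAsset, uint256 feeAmount) external {
        if (feeAsset != address(0)) _pull(feeAsset, feeAmount);
    }

    // Same branch with the condition from the report's recommended mitigation.
    function collectGuarded(address feeAsset, uint256 feeAmount) external {
        if (feeAsset != address(0) && feeAmount != 0) _pull(feeAsset, feeAmount);
    }

    function _pull(address asset, uint256 amount) private {
        // Assumption: direct call used in place of the library's safeTransferFrom.
        bool ok = ZeroRevertToken(asset).transferFrom(msg.sender, feeRecipient, amount);
        require(ok, "transfer failed");
    }
}
```

With a `ZeroRevertToken` address and an amount of 0, `collectUnguarded` reverts with "zero-value transfer" while `collectGuarded` returns without touching the token.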

3docSec commented 1 month ago

Revert on zero value transfers is out of scope as per README

c4-judge commented 1 month ago

3docSec marked the issue as unsatisfactory: Invalid