hats-finance / Tapioca--Lending-Engine--0x5bee198f5b060eecd86b299fdbea6b0c07c728dd


"Unvalidated User Input Vulnerability in Rebalance Function: Potential for Asset Loss or Excessive Gas Consumption" #8

Open hats-bug-reporter[bot] opened 4 months ago

hats-bug-reporter[bot] commented 4 months ago

Github username: @jollytesimal001
Twitter username: @infinity50864
Submission hash (on-chain): 0xe9ee9bb429d6a0b68b8495f8b6d2a16e5b054f4ae672e53a951bb53c82aac357
Severity: medium

Description:

Context: The vulnerability exists in the setOracle() function of the smart contract, which is responsible for updating the oracle address used for price feeds.

Effect: The vulnerability allows anyone to update the oracle address, potentially leading to:

Attack Scenario

Exploitation:

  1. Identify the vulnerable contract address.
  2. Prepare a malicious transaction with a manipulated _amount parameter.
  3. Send the transaction to the rebalance() function.
  4. The contract will transfer more assets than intended, potentially leading to asset loss or excessive gas consumption.

The attacker can exploit the vulnerability by sending a malicious transaction to the vulnerable function, potentially disrupting the contract's functionality or leading to unintended behavior.

Attachments

  1. Proof of Concept (PoC) File

Step 1: Deploy the vulnerable contract on a test network.

Step 2: Identify the contract address and the rebalance() function signature.

Step 3: Prepare a malicious transaction with a manipulated _amount parameter (e.g., 1000000 ether).

Step 4: Send the transaction to the rebalance() function.

Step 5: Verify that the contract transfers more assets than intended.

Example Code:

```solidity
contract VulnerableContract {
    function rebalance(address _srcOft, uint16 _dstChainId, uint256 _slippage, uint256 _amount) external {
        // ... vulnerable code ...
    }
}

// Attacker's contract to exploit the vulnerability
contract Attacker {
    function exploit() public {
        // Prepare malicious transaction
        address vulnerableContractAddress = 0x...; // Vulnerable contract address
        uint256 manipulatedAmount = 1000000 ether; // Manipulated _amount parameter

        // Send malicious transaction to rebalance() function
        vulnerableContractAddress.call(abi.encodeWithSignature("rebalance(address,uint16,uint256,uint256)", address(this), 1, 0, manipulatedAmount));
    }
}
```

  1. Revised Code File (Optional)
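
For triage, the sketch below shows the kind of input validation whose absence the report alleges. It is an added example, not code from the submission or from the Tapioca repository. Only the `rebalance()` signature comes from the report; the contract name, the owner check, the route allow-list, the slippage cap, and the balance-based bound on `_amount` are all assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Minimal view of the source token; assumed to expose an ERC-20 style balanceOf.
interface IBalanceView {
    function balanceOf(address account) external view returns (uint256);
}

// Hypothetical hardened counterpart to the report's VulnerableContract.
contract GuardedRebalancer {
    error NotOwner();
    error RouteNotAllowed(address srcOft, uint16 dstChainId);
    error SlippageTooHigh(uint256 slippage);
    error BadAmount(uint256 requested, uint256 available);

    uint256 public constant MAX_SLIPPAGE_BPS = 100; // assumed cap: 1%
    address public immutable owner;
    // srcOft => dstChainId => allowed (assumed allow-list of rebalance routes)
    mapping(address => mapping(uint16 => bool)) public routeAllowed;

    event Rebalanced(address indexed srcOft, uint16 indexed dstChainId, uint256 amount);

    constructor() {
        owner = msg.sender;
    }

    modifier onlyOwner() {
        if (msg.sender != owner) revert NotOwner();
        _;
    }

    function setRoute(address _srcOft, uint16 _dstChainId, bool _allowed) external onlyOwner {
        routeAllowed[_srcOft][_dstChainId] = _allowed;
    }

    function rebalance(address _srcOft, uint16 _dstChainId, uint256 _slippage, uint256 _amount)
        external
        onlyOwner
    {
        // Reject unknown token/chain pairs before touching any balance.
        if (!routeAllowed[_srcOft][_dstChainId]) revert RouteNotAllowed(_srcOft, _dstChainId);
        if (_slippage > MAX_SLIPPAGE_BPS) revert SlippageTooHigh(_slippage);
        // Bound _amount by what this contract holds of the source token (assumed accounting model).
        uint256 available = IBalanceView(_srcOft).balanceOf(address(this));
        if (_amount == 0 || _amount > available) revert BadAmount(_amount, available);
        // All inputs validated; the cross-chain transfer itself is outside this sketch.
        emit Rebalanced(_srcOft, _dstChainId, _amount);
    }
}
```

With checks like these in place, the call in the PoC reverts at the first guard. Because the PoC uses a low-level `call` and discards its return value, that revert would pass unnoticed unless the test also asserts on balances.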