XO- Unchecked Completion in _complete() Function Enables Rewards Theft
XDZIBEC
high
Summary
The _complete() function does not validate the programId parameter, so an attacker can call _complete() with an invalid programId. The function then completes a program that does not exist, which leads to tokens being stolen from users.
Vulnerability Detail
In the _complete function, the line
versionComplete = self.programs[programId].complete(product, self.programInfos[programId]);
does not check that programId is valid. An attacker can therefore call _complete() with an invalid programId, and the function completes a program that does not exist.
Impact
An attacker could create an invalid programId and then call _complete() with it. The function would complete the invalid program, allowing the attacker to steal rewards from the contract.
An attacker could also manipulate the market to create an invalid programId. For example, the attacker could buy up all of the tokens for a particular program, which would effectively make the program invalid. The attacker could then call _complete() with the invalid programId and steal rewards from the contract.
Code Snippet
versionComplete = self.programs[programId].complete(product, self.programInfos[programId]);
Tool used
Manual Review
Recommendation
Add require(valid(self, programId)); to the _complete() function. This ensures the validity check is enforced and cannot be bypassed by an attacker.
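The following is an added illustration of the recommended fix, not code from the audited project: it sketches an assumed, simplified registry where an unregistered programId maps to an all-zero storage slot, and shows _complete() guarded by the require(valid(self, programId)) check. Struct fields, register and the ProgramLib.complete body are placeholders, and the product argument of the real complete call is omitted.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Assumed, simplified shape of the state the finding describes: only
// `programs`, `programInfos`, `valid`, `_complete` and `programId` come from
// the report; struct fields and `register` are placeholders, and the `product`
// argument of the real `complete` call is omitted.
struct ProgramInfo { uint256 start; uint256 duration; }
struct Program { bool exists; uint256 versionComplete; }

library ProgramLib {
    // Per-program completion, standing in for the `.complete(...)` call.
    function complete(Program storage self, ProgramInfo storage info) internal returns (uint256) {
        require(block.timestamp >= info.start + info.duration, "not finished");
        self.versionComplete += 1;
        return self.versionComplete;
    }
}

library RegistryLib {
    using ProgramLib for Program;

    struct State {
        mapping(uint256 => Program) programs;
        mapping(uint256 => ProgramInfo) programInfos;
        uint256 count;
    }

    function register(State storage self, uint256 start, uint256 duration) internal returns (uint256 programId) {
        programId = self.count++;
        self.programs[programId] = Program({exists: true, versionComplete: 0});
        self.programInfos[programId] = ProgramInfo({start: start, duration: duration});
    }

    // A programId is valid only if it was registered; an unregistered id maps
    // to an all-zero slot, which is what an unchecked _complete would act on.
    function valid(State storage self, uint256 programId) internal view returns (bool) {
        return programId < self.count && self.programs[programId].exists;
    }

    // Hardened _complete: the require from the recommendation rejects unknown
    // ids before the completion call below runs against a never-registered slot.
    function _complete(State storage self, uint256 programId) internal returns (uint256 versionComplete) {
        require(valid(self, programId), "invalid programId");
        versionComplete = self.programs[programId].complete(self.programInfos[programId]);
    }
}
```

Note that for an unregistered id the zeroed ProgramInfo makes the "not finished" check pass trivially (start + duration is 0), which is why the validity check must come before the completion call rather than relying on the per-program logic to reject it.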