XO-_transform function does not check if the payoffDefinition is actually a valid PayoffDefinition
Summary
The vulnerability is present in the _transform function . The function fails to validate whether the payoffDefinition is a valid PayoffDefinition object. This opens up the possibility for an attacker to create a malicious PayoffDefinition with invalid values for properties such as strikePrice,expirationDate, or payoffFunction. , the attacker can call the _transform function and trigger a contract revert.
There is a vulnerability in the _transform function, so the problem is that there is a line in the function does not check if the payoffDefinition is actually a valid PayoffDefinition. This means that an attacker could create a malicious PayoffDefinition that has invalid values for the strikePrice,expirationDate, or payoffFunction properties. If the attacker were able to do this, they could then call the _transform function and cause the contract to revert.
Impact
An attacker could create a malicious PayoffDefinition that has invalid values for the strikePrice,expirationDate, or payoffFunction properties. If the attacker were able to do this, they could then call the _transform function and cause the contract to revert.
added require(payoffDefinition.isValid()); to the _transform function this will check if the payoffDefinition is actually a valid PayoffDefinition. If it is not, the function will revert.
XDZIBEC
high
XO-
_transform
function does not check if thepayoffDefinition
is actually a validPayoffDefinition
Summary
_transform
function . The function fails to validate whether thepayoffDefinition
is a validPayoffDefinition
object. This opens up the possibility for an attacker to create a maliciousPayoffDefinition
with invalid values for properties such asstrikePrice,
expirationDate,
orpayoffFunction.
, the attacker can call the_transform
function and trigger a contract revert.Vulnerability Detail
payoffDefinition
is actually a validPayoffDefinition.
This means that an attacker could create a maliciousPayoffDefinition
that has invalid values for thestrikePrice,
expirationDate,
orpayoffFunction
properties. If the attacker were able to do this, they could then call the_transform
function and cause the contract to revert.Impact
PayoffDefinition
that has invalid values for thestrikePrice,
expirationDate,
orpayoffFunction
properties. If the attacker were able to do this, they could then call the_transform
function and cause the contract to revert.Code Snippet
Tool used
Manual Review
Recommendation
require(payoffDefinition.isValid());
to the_transform
function this will check if thepayoffDefinition
is actually a validPayoffDefinition.
If it is not, the function will revert.