XO-SyncTo function does not check if the versionTo is actually greater than or equal to the latestVersion.
Summary
The syncTo function is vulnerable. The function lacks a check to ensure that the provided versionTo is greater than or equal to the latestVersion stored in the contract. This allows an attacker to create a malicious versionTo that is lower than the latestVersion and trigger a contract revert by calling the syncTo function.
Vulnerability Detail
There is a vulnerability in the syncTo function: the function does not check if the versionTo is actually greater than or equal to the latestVersion. This means that an attacker could create a malicious versionTo that is less than the latestVersion. If the attacker were able to do this, they could then call the syncTo function and cause the contract to revert.
Impact
An attacker could create a malicious versionTo that is less than the latestVersion. If the attacker were able to do this, they could then call the syncTo function and cause the contract to revert.
XDZIBEC
medium
Tool used
Manual Review
Recommendation
Add this check:
require(versionTo >= self.latestVersion);
It checks if the versionTo is actually greater than or equal to the latestVersion. If it is not, the function will revert.
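One way to place the recommended check, as an added example that is not the audited project's code. Only syncTo, versionTo and latestVersion come from the finding; the VersionedState struct, its versionsSynced counter, VersionedStateLib and SyncHarness are hypothetical names chosen for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.17;

// Hypothetical minimal state. The audited struct is not shown in the finding.
struct VersionedState {
    uint256 latestVersion;   // last version this state was synced to
    uint256 versionsSynced;  // hypothetical counter, stands in for per-version accounting
}

library VersionedStateLib {
    function syncTo(VersionedState storage self, uint256 versionTo) internal {
        // The recommended check, placed before any state is read or written,
        // so a stale versionTo fails with an explicit reason.
        require(versionTo >= self.latestVersion, "syncTo: versionTo < latestVersion");

        // versionTo == latestVersion passes the check and is a no-op.
        if (versionTo == self.latestVersion) return;

        // The subtraction cannot underflow here because of the check above.
        self.versionsSynced += versionTo - self.latestVersion;

        // latestVersion only ever moves forward.
        self.latestVersion = versionTo;
    }
}

// Hypothetical harness exposing the library call for a unit test.
contract SyncHarness {
    using VersionedStateLib for VersionedState;

    VersionedState private state;

    function syncTo(uint256 versionTo) external {
        state.syncTo(versionTo);
    }

    function latestVersion() external view returns (uint256) {
        return state.latestVersion;
    }

    function versionsSynced() external view returns (uint256) {
        return state.versionsSynced;
    }
}
```

A unit test against the harness can call syncTo(5), then assert that syncTo(3) reverts with the reason string and that latestVersion() still returns 5.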