Closed sherlock-admin2 closed 7 months ago
1 comment(s) were left on this issue during the judging contest.
auditsea commented:
Not issue
Invalid, out of scope
popelev
high
Anyone can deposit other users' tokens to the protocol without approval
Summary
OUT OF SCOPE, Just for team information
Passing an arbitrary `from` address to `transferFrom` can lead to loss of funds, because anyone can transfer tokens from the `from` address if an approval for the protocol is made.
Vulnerability Detail
User_1 approves a token transfer for the protocol.
User_2 can deposit User_1's tokens instead of User_1 without any approval, since the protocol is allowed to transfer the tokens.
Impact
Users' tokens can be deposited to the protocol against their will.
Code Snippet
`BondingCurveFacet::deposit` calls `LibBondingCurve::deposit`.
Code of `BondingCurveFacet::deposit`:
https://github.com/sherlock-audit/2023-12-ubiquity/blob/main/ubiquity-dollar/packages/contracts/src/dollar/facets/BondingCurveFacet.sol#L56-L61
Code of `LibBondingCurve::deposit`:
https://github.com/sherlock-audit/2023-12-ubiquity/blob/main/ubiquity-dollar/packages/contracts/src/dollar/libraries/LibBondingCurve.sol#L133
Tool used
Cyfrin/aderyn
Proof of Concept
Put this in `BondingCurveFacet.t.sol::ZeroStateBonding`:
Recommendation
Change `_recipient` to `msg.sender` in `LibBondingCurve::deposit`.
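A minimal illustration of the pattern described in this report, added here as an example and not code from the Ubiquity repository: a hypothetical `VulnerableVault` pulls tokens from the caller-supplied `_recipient`, while `HardenedVault` applies the recommended change and pulls from `msg.sender`. The contract names, the `balanceOf` mapping and the reduced `IERC20` interface are assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Hypothetical reduced interface: only the call this example needs.
interface IERC20 {
    function transferFrom(address from, address to, uint256 amount) external returns (bool);
}

// Hypothetical vault reproducing the reported pattern: the deposit pulls tokens
// from `_recipient`, an address chosen by the caller, instead of from msg.sender.
// Any caller can therefore spend the approval of any account that has approved
// the vault and force a deposit on that account.
contract VulnerableVault {
    IERC20 public immutable token;
    mapping(address => uint256) public balanceOf;

    constructor(IERC20 _token) { token = _token; }

    function deposit(uint256 _amount, address _recipient) external {
        // Arbitrary `from`: the caller decides whose approval is consumed.
        require(token.transferFrom(_recipient, address(this), _amount), "transfer failed");
        balanceOf[_recipient] += _amount;
    }
}

// Hardened variant following the report's recommendation: tokens are always pulled
// from msg.sender, so a deposit can only spend the caller's own approval.
// `_recipient` now only selects who is credited, never whose tokens are moved.
contract HardenedVault {
    IERC20 public immutable token;
    mapping(address => uint256) public balanceOf;

    constructor(IERC20 _token) { token = _token; }

    function deposit(uint256 _amount, address _recipient) external {
        require(_recipient != address(0), "zero recipient");
        // `from` is fixed to msg.sender; an approval granted to the vault by
        // another account cannot be used by this caller.
        require(token.transferFrom(msg.sender, address(this), _amount), "transfer failed");
        balanceOf[_recipient] += _amount;
    }
}
```

In a review, the check is mechanical: every `transferFrom` whose `from` argument is not `msg.sender` (or an address the contract itself controls) needs an explicit justification.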