Platform: Code4rena
Start Date: 19/01/2024
Pot Size: $36,500 USDC
Total HM: 9
Participants: 113
Period: 3 days
Judge: 0xsomeone
Id: 322
League: ETH
Rank: 75/113
Findings: 1
Award: $0.12
🌟 Selected for report: 0
🚀 Solo Findings: 0
🌟 Selected for report: NPCsCorp
Also found by: 0x11singh99, 0xAadi, 0xBugSlayer, 0xE1, 0xPluto, 0xSimeon, 0xSmartContract, 0xabhay, 0xdice91, 0xprinc, Aamir, Aymen0909, CDSecurity, DadeKuma, DarkTower, EV_om, Eeyore, GeekyLumberjack, GhK3Ndf, Giorgio, Greed, Inference, JanuaryPersimmon2024, Kaysoft, Krace, Matue, MrPotatoMagic, NentoR, Nikki, PUSH0, Soliditors, Tendency, Tigerfrake, Timeless, Timenov, ZanyBonzy, ZdravkoHr, abiih, adeolu, al88nsk, azanux, bareli, boredpukar, cu5t0mpeo, d4r3d3v1l, darksnow, deth, dutra, ether_sky, haxatron, ke1caM, kodyvim, m4ttm, mgf15, mrudenko, nmirchev8, nobody2018, nuthan2x, peanuts, piyushshukla, ravikiranweb3, rouhsamad, seraviz, simplor, slylandro_star, stealth, th13vn, vnavascues, wangxx2026, zaevlad
0.1172 USDC - $0.12
The lack of access control on the DcntEth.sol::setRouter function allows any external actor to gain control over critical functionalities of the DcntEth contract. If exploited, an attacker could arbitrarily mint new tokens or burn existing tokens, leading to potential token inflation, deflation, or manipulation of user balances.
An attacker deploys their own malicious contract or uses an EOA (Externally Owned Account). The attacker calls the setRouter function of the DcntEth contract with the address of their malicious contract or EOA.
```solidity
// Vulnerable: no access control, so any caller can replace the router.
function setRouter(address _router) public { router = _router; }
```
Once the router is set to the attacker's address, they can now call the mint function to mint an arbitrary number of tokens to any address, including their own. The attacker can also call the burn function to destroy tokens from any address without the consent of the token holders.
Manual Review
Update the setRouter function to include an access control modifier such as onlyOwner. This ensures that only the contract owner can change the router address.
```solidity
// Fixed: only the contract owner can replace the router.
function setRouter(address _router) public onlyOwner { router = _router; }
```
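The following is an added, self-contained illustration of the issue and the fix; it is not the project's DcntEth.sol. It assumes, as the report's impact section implies, that mint and burn are gated on the stored router address. The contract names, the inlined MinimalOwnable, the reduced balance-mapping token logic, the zero-address check and the RouterUpdated event are all assumptions made for the example; production code would import OpenZeppelin's Ownable instead of inlining one.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added illustration, not the project's DcntEth.sol. Token bookkeeping is
// reduced to a balance mapping; mint/burn are assumed to be gated on
// `router`. A minimal Ownable is inlined so the file compiles stand-alone.
abstract contract MinimalOwnable {
    address public owner;

    error NotOwner();

    constructor() {
        owner = msg.sender;
    }

    modifier onlyOwner() {
        if (msg.sender != owner) revert NotOwner();
        _;
    }
}

// Shared token logic: only the configured router may mint or burn.
abstract contract RouterGatedToken is MinimalOwnable {
    address public router;
    uint256 public totalSupply;
    mapping(address => uint256) public balanceOf;

    error NotRouter();
    error InsufficientBalance();

    modifier onlyRouter() {
        if (msg.sender != router) revert NotRouter();
        _;
    }

    function mint(address to, uint256 amount) external onlyRouter {
        totalSupply += amount;
        balanceOf[to] += amount;
    }

    function burn(address from, uint256 amount) external onlyRouter {
        if (balanceOf[from] < amount) revert InsufficientBalance();
        balanceOf[from] -= amount;
        totalSupply -= amount;
    }
}

// Before: the router check is the only guard on mint/burn, and any caller
// can make an arbitrary address the router, so the guard protects nothing.
contract DcntEthVulnerable is RouterGatedToken {
    function setRouter(address _router) public {
        router = _router;
    }
}

// After: only the owner can change the router. The zero-address check and
// the event are additions beyond the report's one-word fix (assumptions
// for this example): they make misconfiguration revert instead of silently
// disabling mint/burn, and leave an on-chain trail of every router change.
contract DcntEthFixed is RouterGatedToken {
    event RouterUpdated(address indexed previousRouter, address indexed newRouter);

    error ZeroRouter();

    function setRouter(address _router) public onlyOwner {
        if (_router == address(0)) revert ZeroRouter();
        emit RouterUpdated(router, _router);
        router = _router;
    }
}
```

With DcntEthFixed, a setRouter call from any account other than the owner reverts with NotOwner before the state is touched, so the mint/burn path described above can no longer be reached by an unprivileged caller. A unit test that calls setRouter from a non-owner account and expects the NotOwner revert is a cheap regression check for this class of bug, and the same pattern (an explicit modifier on every privileged setter) is worth applying to any function that changes who is trusted by the contract.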
Access Control
#0 - c4-pre-sort
2024-01-23T21:28:35Z
raymondfam marked the issue as sufficient quality report
#1 - c4-pre-sort
2024-01-23T21:29:03Z
raymondfam marked the issue as duplicate of #14
#2 - c4-judge
2024-02-03T13:31:38Z
alex-ppg marked the issue as satisfactory