Platform: Code4rena
Start Date: 26/07/2022
Pot Size: $75,000 USDC
Total HM: 29
Participants: 179
Period: 6 days
Judge: LSDan
Total Solo HM: 6
Id: 148
League: ETH
Rank: 67/179
Findings: 3
Award: $171.06
π Selected for report: 1
π Solo Findings: 0
130.0175 USDC - $130.02
GolomTrader.validateOrder() does not check o.signer != address(0) as a result it is possible to create orders with o.signer == address(0). Therefore we may always create orders with the zero address.
The reason using the zero address as the signer succeeds is the ecrecover() used on #176 will return address(0) if the provided signature is invalid.
This issue is rated as medium as although it is undesirable to create orders on behalf of addresses that we do not have the key for it is unlikely that we will be able to transfer funds from the zero address and thus this will only succeed for orders which transfer a zero amount of tokens.
address signaturesigner = ecrecover(hash, o.v, o.r, o.s); require(signaturesigner == o.signer, 'invalid signature'); if (signaturesigner != o.signer) { return (0, hashStruct, 0); }
To resolve this issue consider updating the code listed above as follows.
if (signaturesigner == address(0) || signaturesigner != o.signer) { return (0, hashStruct, 0); }
#0 - KenzoAgada
2022-08-05T02:01:25Z
Duplicate of #357
π Selected for report: AuditsAreUS
Also found by: 0xSky, CertoraInc, GimelSec, GiveMeTestEther, Green, Lambda, Ruhum, RustyRabbit, Treasure-Seeker, Twpony, arcoun, bin2chen, cccz, codexploder, cryptonue, dipp, horsefacts, jayphbee, joestakey, minhquanym, obront, peritoflores, rbserver, reassor, rotcivegaf, scaraven, ych18
5.8712 USDC - $5.87
It is possible to send a higher msg.value than is required to fillAsk(). The excess value that is sent will be permanently locked in the contract.
There is only one check over msg.value and it is that it's greater than o.totalAmt * amount + p.paymentAmt. As seen in the following code snippet from #217.
require(msg.value >= o.totalAmt * amount + p.paymentAmt, 'mgmtm');
The issue here is that the contract will only ever spend exactly o.totalAmt * amount + p.paymentAmt. Hence if msg.value is greater than this then the excess value will be permanently locked in the contract.
To avoid this issue consider enforcing a strict equality.
require(msg.value == o.totalAmt * amount + p.paymentAmt, 'mgmtm');
#0 - 0xsaruman
2022-09-04T11:09:22Z
Disagree with severity cause its user choice to send more
#1 - dmvt
2022-10-12T15:41:46Z
I agree with this being a medium. It opens up the potential for griefing attacks and all sorts of other issues that may be beyond the scope of "the user decided to send excess funds. Further, it's common for contracts to return excess funds, so the user may reasonably expect this behaviour.
π Selected for report: IllIllI
Also found by: 0x1f8b, 0x4non, 0x52, 0xA5DF, 0xDjango, 0xLovesleep, 0xNazgul, 0xNineDec, 0xSmartContract, 0xackermann, 0xc0ffEE, 0xf15ers, 0xmatt, 0xsanson, 0xsolstars, 8olidity, AuditsAreUS, Bahurum, Bnke0x0, CRYP70, CertoraInc, Ch_301, Chom, CryptoMartian, Deivitto, DevABDee, Dravee, ElKu, Franfran, Funen, GalloDaSballo, GimelSec, GiveMeTestEther, Green, JC, Jmaxmanblue, JohnSmith, Jujic, Junnon, Kenshin, Krow10, Kumpa, Lambda, MEP, Maxime, MiloTruck, Mohandes, NoamYakov, Picodes, RedOneN, Rohan16, Rolezn, Ruhum, RustyRabbit, Sm4rty, Soosh, StErMi, StyxRave, Tadashi, TomJ, Treasure-Seeker, TrungOre, Waze, _Adam, __141345__, ajtra, ak1, apostle0x01, arcoun, asutorufos, async, benbaessler, berndartmueller, bin2chen, brgltd, c3phas, cRat1st0s, carlitox477, chatch, codetilda, codexploder, cryptonue, cryptphi, csanuragjain, cthulhu_cult, delfin454000, dipp, dirk_y, djxploit, ellahi, exd0tpy, fatherOfBlocks, giovannidisiena, hansfriese, horsefacts, hyh, idkwhatimdoing, indijanc, jayfromthe13th, jayphbee, joestakey, kenzo, kyteg, lucacez, luckypanda, mics, minhquanym, obront, oyc_109, pedr02b2, rajatbeladiya, rbserver, reassor, robee, rokinot, rotcivegaf, sach1r0, saian, saneryee, sashik_eth, scaraven, shenwilly, simon135, sseefried, supernova, teddav, ych18, zuhaibmohd, zzzitron
35.1687 USDC - $35.17
https://github.com/code-423n4/2022-07-golom/blob/e5efa8f9d6dda92a90b8b2c4902320acf0c26816/contracts/core/GolomTrader.sol#L236 https://github.com/code-423n4/2022-07-golom/blob/e5efa8f9d6dda92a90b8b2c4902320acf0c26816/contracts/core/GolomTrader.sol#L361 https://github.com/code-423n4/2022-07-golom/blob/e5efa8f9d6dda92a90b8b2c4902320acf0c26816/contracts/core/GolomTrader.sol#L301
There is overlap between the function signature of ERC20 transferFrom(address,address,uint256) and ERC721 transferFrom(address,address,uint256). The impact of this is that it's possible for users to transfer ERC20 tokens instead of ERC721.
This poses a threat as signers may have approved WETH to transfer funds.
The threat occurs if o.collection is then set as WETH address. An unwitting user could accidently transfer WETH instead of an NFT to a user.
The impact is rated as Medium rather than High as although there is loss of funds the user would have to either sign or accept an Order which has a ERC20 address as the collection field.
ERC721(o.collection).transferFrom(o.signer, receiver, o.tokenId);
ERC721 nftcontract = ERC721(o.collection); nftcontract.transferFrom(msg.sender, o.signer, o.tokenId);
ERC721 nftcontract = ERC721(o.collection); nftcontract.transferFrom(msg.sender, o.signer, tokenId);
Consider using ERC721.safeTransferFrom() instead of ERC721.transferFrom(). This will change the function signature and therefore prevent overlap between ERC20 and ERC721 transfer functions.
#0 - 0xsaruman
2022-09-05T08:28:51Z
#1 - dmvt
2022-10-14T16:34:10Z
This is not a duplicate of #342. The maximum compromise here is an amount of WEI equal to the tokenId. I think this is an improbable scenario, but I'll leave it in as low risk. Downgraded to QA.