Open Dollar - HChang26's results

A floating $1.00 pegged stablecoin backed by Liquid Staking Tokens with NFT controlled vaults.

General Information

Platform: Code4rena

Start Date: 18/10/2023

Pot Size: $36,500 USDC

Total HM: 17

Participants: 77

Period: 7 days

Judge: MiloTruck

Total Solo HM: 5

Id: 297

League: ETH

Researcher Performance

Rank: 55/77

Findings: 1

Award: $37.14

🌟 Selected for report: 0

🚀 Solo Findings: 0

Findings Information

Labels

bug
2 (Med Risk)
satisfactory
sufficient quality report
duplicate-171

Awards

37.1417 USDC - $37.14

External Links

Lines of code

https://github.com/open-dollar/od-contracts/blob/v1.5.5-audit/src/contracts/proxies/ODSafeManager.sol#L105
https://github.com/open-dollar/od-contracts/blob/v1.5.5-audit/src/contracts/proxies/ODSafeManager.sol#L49

Vulnerability details

Impact

Users authorized on a safe can call allowSAFE() themselves and grant access to further users without the owner's authorization.

Proof of Concept

The allowSAFE() function lets the owner of a safe grant another user permission to manage that safe. Access control is handled by the safeAllowed modifier, which ensures that only authorized users can call the function. However, a potential issue arises because authorized users are not limited to the owner: a user who has been granted permission can in turn call allowSAFE() and pass this power on to other users, without the owner's authorization. The original intention was for the owner of the safe to be the sole entity capable of granting this permission. This issue allows an unauthorized individual to make changes to the safe.

  function allowSAFE(uint256 _safe, address _usr, uint256 _ok) external safeAllowed(_safe) {
    address _owner = _safeData[_safe].owner;
    safeCan[_owner][_safe][_usr] = _ok;
    emit AllowSAFE(msg.sender, _safe, _usr, _ok);
  }
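
The delegation path described above, as an added example that is not part of the original submission or the Open Dollar code base: a small Python model of the safeCan mapping and the AllowSAFE event, with a check that flags permission changes whose sender is not the safe's owner. The class, addresses and safe id are constructed, and the behaviour of safeAllowed (owner or any allowed user) is an assumption taken from the description.

```python
from collections import defaultdict


class SafeManagerModel:
    """Hypothetical model of the permission state; not the project's contract."""

    def __init__(self, owner_only=False):
        self.owner_only = owner_only      # True models the added owner check
        self.safe_owner = {}              # safe id -> owner
        self.safe_can = defaultdict(int)  # (owner, safe, usr) -> ok
        self.events = []                  # AllowSAFE as (sender, safe, usr, ok)

    def _safe_allowed(self, sender, safe):
        # Assumption: safeAllowed admits the owner or any user with a non-zero entry.
        owner = self.safe_owner[safe]
        return sender == owner or self.safe_can[(owner, safe, sender)] != 0

    def allow_safe(self, sender, safe, usr, ok):
        owner = self.safe_owner[safe]
        if not self._safe_allowed(sender, safe):
            raise PermissionError("caller not allowed on safe")
        if self.owner_only and sender != owner:
            raise PermissionError("caller is not the safe owner")
        self.safe_can[(owner, safe, usr)] = ok
        self.events.append((sender, safe, usr, ok))


def non_owner_changes(events, safe_owner):
    """Return AllowSAFE events whose sender is not the owner of the safe."""
    return [e for e in events if e[0] != safe_owner[e[1]]]


def replay(owner_only):
    """Owner allows a delegate, then the delegate tries to allow a third user."""
    m = SafeManagerModel(owner_only)
    m.safe_owner[1] = "0xOwner"          # constructed sample data
    m.allow_safe("0xOwner", 1, "0xDelegate", 1)
    try:
        m.allow_safe("0xDelegate", 1, "0xThird", 1)
        blocked = False
    except PermissionError:
        blocked = True
    flagged = non_owner_changes(m.events, m.safe_owner)
    return blocked, flagged, m.safe_can[("0xOwner", 1, "0xThird")]


if __name__ == "__main__":
    print("original check:", replay(owner_only=False))
    print("owner-only check:", replay(owner_only=True))
```

The same sender-versus-owner comparison can be run over real AllowSAFE logs to list permission changes that did not come from the safe's owner.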

Tools Used

Manual Review

  function allowSAFE(uint256 _safe, address _usr, uint256 _ok) external safeAllowed(_safe) {
    address _owner = _safeData[_safe].owner;
+   require(msg.sender == _owner);
    safeCan[_owner][_safe][_usr] = _ok;
    emit AllowSAFE(msg.sender, _safe, _usr, _ok);
  }
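
Review bot: the added `require(msg.sender == _owner);` has no revert reason or custom error, so a delegate whose call is rejected gets no indication of why; give it a message or a dedicated error. With this check in place, the `safeAllowed(_safe)` modifier left on the signature no longer decides the outcome, because the owner is the only caller that passes both checks. Replacing it with an owner-only modifier would state the intent once and drop the redundant lookup.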

Assessed type

Access Control

#0 - c4-pre-sort

2023-10-26T18:54:34Z

raymondfam marked the issue as sufficient quality report

#1 - c4-pre-sort

2023-10-26T18:55:15Z

raymondfam marked the issue as duplicate of #171

#2 - c4-judge

2023-11-02T08:44:19Z

MiloTruck marked the issue as satisfactory
