Caviar Private Pools - JGcarv's results

A fully on-chain NFT AMM that allows you to trade every NFT in a collection.

General Information

Platform: Code4rena

Start Date: 07/04/2023

Pot Size: $47,000 USDC

Total HM: 20

Participants: 120

Period: 6 days

Judge: GalloDaSballo

Total Solo HM: 4

Id: 230

League: ETH

Caviar

Findings Distribution

Researcher Performance

Rank: 44/120

Findings: 2

Award: $99.40

🌟 Selected for report: 0

🚀 Solo Findings: 0

Awards

26.761 USDC - $26.76

Labels

bug
3 (High Risk)
satisfactory
duplicate-184

External Links

Lines of code

https://github.com/code-423n4/2023-04-caviar/blob/main/src/PrivatePool.sol#L459

Vulnerability details

Impact

Sellers that interact directly with the PrivatePool need to approve tokens beforehand, and due to the convenience, it's common practice to approveAll to avoid multiple transactions.

With that in mind, allowing the owner to execute arbitrary transactions allows for taking tokens from previous sellers that haven't revoked the approval, effectively stealing them.

Proof of Concept

Tools Used

Manual review.

Ideally, remove the execute function, as the potential flaws are greater than the possible benefit.

If that's not desired, then prevent calls to the pool's nft and baseToken.

#0 - c4-pre-sort

2023-04-20T16:40:35Z

0xSorryNotSorry marked the issue as duplicate of #184

#1 - c4-judge

2023-05-01T19:21:22Z

GalloDaSballo marked the issue as satisfactory

Awards

26.761 USDC - $26.76

Labels

bug
3 (High Risk)
satisfactory
duplicate-184

External Links

Lines of code

https://github.com/code-423n4/2023-04-caviar/blob/main/src/PrivatePool.sol#L459

Vulnerability details

Impact

Buyers that interact directly with the PrivatePool need to approve tokens beforehand, and due to the convenience, it's common practice to approve the maximum limit.

With that in mind, allowing the owner to execute arbitrary transactions allows for taking ERC20 tokens from previous buyers that haven't revoked the approval, effectively stealing them.

Proof of Concept

Tools Used

Manual review.

Ideally, remove the execute function, as the potential flaws are greater than the possible benefit.

If that's not desired, then prevent calls to the pool's nft and baseToken.

#0 - c4-pre-sort

2023-04-20T16:40:32Z

0xSorryNotSorry marked the issue as duplicate of #184

#1 - c4-judge

2023-05-01T19:21:23Z

GalloDaSballo marked the issue as satisfactory
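
The second mitigation suggested in the two findings above (block `execute` from targeting the pool's `nft` and `baseToken`), sketched as an added example. This is not Caviar's PrivatePool code: the contract name, the errors, the constructor and the `onlyOwner` modifier are hypothetical, and only `execute`, `nft` and `baseToken` are names taken from the findings.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;

/// Added illustration, not the project's contract. Every name other than
/// `execute`, `nft` and `baseToken` is hypothetical.
contract GuardedExecutePool {
    error Unauthorized();
    error InvalidTarget();

    address public immutable owner;
    address public immutable nft;       // collection traded by the pool
    address public immutable baseToken; // ERC20 base token (assumed: address(0) means ETH)

    constructor(address _nft, address _baseToken) {
        owner = msg.sender;
        nft = _nft;
        baseToken = _baseToken;
    }

    modifier onlyOwner() {
        if (msg.sender != owner) revert Unauthorized();
        _;
    }

    /// Owner-only arbitrary call with the restriction the findings suggest.
    function execute(address target, bytes calldata data)
        external
        payable
        onlyOwner
        returns (bytes memory)
    {
        // Traders granted their approvals to this contract on `nft` and
        // `baseToken`. Any call made from here reaches those tokens with the
        // pool as msg.sender, so it could spend the approvals. Reject both.
        if (target == nft || target == baseToken) revert InvalidTarget();

        (bool success, bytes memory returnData) = target.call{value: msg.value}(data);
        if (!success) {
            // Bubble up the callee's revert data unchanged.
            assembly {
                revert(add(returnData, 0x20), mload(returnData))
            }
        }
        return returnData;
    }
}
```

The check covers only the two token addresses the pool is configured with; approvals that users gave the pool on any other token contract are not protected by it.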

Findings Information

🌟 Selected for report: Voyvoda

Also found by: CodingNameKiki, DishWasher, GT_Blockchain, J4de, JGcarv, Josiah, RaymondFam, neumo, saian

Labels

bug
2 (Med Risk)
satisfactory
duplicate-463

Awards

72.6437 USDC - $72.64

External Links

Lines of code

https://github.com/code-423n4/2023-04-caviar/blob/main/src/PrivatePool.sol#L737

Vulnerability details

Impact

The provided function changeFeeQuote returns a different value for protocol fees than what should be charged, which affects all changes on private pools.

It currently takes the percentage of the feeAmount:

protocolFeeAmount = feeAmount * Factory(factory).protocolFeeRate() / 10_000;

While other functions take the protocolFee from the total value of the purchase.

Change to:

protocolFeeAmount = inputAmount * Factory(factory).protocolFeeRate() / 10_000;

#0 - c4-pre-sort

2023-04-20T16:36:36Z

0xSorryNotSorry marked the issue as duplicate of #463

#1 - c4-judge

2023-05-01T07:21:31Z

GalloDaSballo marked the issue as satisfactory
