Platform: Code4rena
Start Date: 14/10/2022
Pot Size: $100,000 USDC
Total HM: 12
Participants: 75
Period: 9 days
Judge: GalloDaSballo
Total Solo HM: 1
Id: 171
League: ETH
Rank: 55/75
Findings: 1
Award: $0.33
🌟 Selected for report: 0
🚀 Solo Findings: 0
0.3268 USDC - $0.33
Due to the lack of a check on the sender and recipient addresses, a self-transfer can increase the balance.
    function _transfer(
        address _from,
        address _to,
        uint256 _id,
        uint256 _amount
    ) internal virtual {
        // Sender balance is cached here...
        uint256 _fromBalance = _balances[_id][_from];
        if (_fromBalance < _amount) revert LBToken__TransferExceedsBalance(_from, _id, _amount);

        _beforeTokenTransfer(_from, _to, _id, _amount);

        // ...and recipient balance is cached before the sender is debited.
        uint256 _toBalance = _balances[_id][_to];

        unchecked {
            _balances[_id][_from] = _fromBalance - _amount;
            _balances[_id][_to] = _toBalance + _amount;
        }

        _remove(_from, _id, _fromBalance, _amount);
        _add(_to, _id, _toBalance, _amount);
    }
It records the balances of the sender and receiver before updating them, so if the sender and receiver addresses are the same, the balance will increase.
Example: let's say Alice has 100 tokens initially and wants to transfer 10 tokens. She calls safeTransferFrom() or safeBatchTransferFrom().
First these functions will check the validity of the addresses through "checkaddress()" and then check for the approval. In checkApproval() the spender can be equal to the owner, so this check will also pass.
In _transfer():
FromBalance = 100, toBalance = 100

    unchecked {
        _balances[_id][Alice] = 100 - 10;
        _balances[_id][Alice] = 100 + 10;
    }

Total balance of [Alice] = 110
manual review
Add a check that the recipient and sender addresses are not the same.
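The cached-balance pattern described above next to a hardened variant, as an added example that is not the audited contract's code. The contract name, `mint`, `transferCached`, `transferChecked` and the error names are hypothetical, and approval checks are omitted to keep the ledger logic in view.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.10;

/// Added illustration, not the audited LBToken: a minimal per-id balance ledger.
/// Access control is deliberately left out; only the balance bookkeeping is shown.
contract SelfTransferDemo {
    error TransferExceedsBalance(address from, uint256 id, uint256 amount);
    error TransferToSelf();

    mapping(uint256 => mapping(address => uint256)) private _balances;

    // Hypothetical helper so the demo can be seeded with a balance.
    function mint(address to, uint256 id, uint256 amount) external {
        _balances[id][to] += amount;
    }

    function balanceOf(address account, uint256 id) external view returns (uint256) {
        return _balances[id][account];
    }

    /// Pattern from the finding: both balances are cached before either write,
    /// so when from == to the second write (cached + amount) overwrites the debit.
    /// With a balance of 100 and amount 10, the stored balance ends at 110.
    function transferCached(address from, address to, uint256 id, uint256 amount) external {
        uint256 fromBalance = _balances[id][from];
        if (fromBalance < amount) revert TransferExceedsBalance(from, id, amount);
        uint256 toBalance = _balances[id][to];
        unchecked {
            _balances[id][from] = fromBalance - amount;
            _balances[id][to] = toBalance + amount;
        }
    }

    /// Mitigation suggested in the finding: reject from == to.
    function transferChecked(address from, address to, uint256 id, uint256 amount) external {
        if (from == to) revert TransferToSelf();
        uint256 fromBalance = _balances[id][from];
        if (fromBalance < amount) revert TransferExceedsBalance(from, id, amount);
        unchecked {
            _balances[id][from] = fromBalance - amount;
        }
        // Defence in depth: the credit reads storage after the debit is written,
        // so even without the guard above a self-transfer would net to zero.
        _balances[id][to] += amount;
    }
}
```

A unit test for the hardened path would assert that the sum of all holders' balances for an id is unchanged by any transfer, including one where sender and recipient coincide.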
#0 - trust1995
2022-10-23T21:24:21Z
Dup of #422
#1 - GalloDaSballo
2022-10-26T16:35:46Z
#2 - c4-judge
2022-11-23T18:28:32Z
GalloDaSballo marked the issue as not a duplicate
#3 - c4-judge
2022-11-23T18:29:06Z
GalloDaSballo marked the issue as duplicate of #299
#4 - Simon-Busch
2022-12-05T06:38:55Z
Marked this issue as Satisfactory as requested by @GalloDaSballo