Platform: Code4rena
Start Date: 05/07/2023
Pot Size: $390,000 USDC
Total HM: 136
Participants: 132
Period: about 1 month
Judge: LSDan
Total Solo HM: 56
Id: 261
League: ETH
Rank: 124/132
Findings: 1
Award: $20.42
🌟 Selected for report: 0
🚀 Solo Findings: 0
🌟 Selected for report: Ack
Also found by: 0xG0P1, 0xRobocop, 0xStalin, KIntern_NA, Koolex, Oxsadeeq, RedOneN, TiesStevelink, ayeslick, bin2chen, cergyk, kaden, ladboy233, ltyu, plainshift, rvierdiiev, xuwinnie, zzzitron
20.4247 USDC - $20.42
The function addCollateral() in the bigBang market allows a caller to add collateral from another user's account, provided he has allowance. This is a double-edged sword: it is meant to solve a particular problem, while giving an edge to people with malicious intent. The modifier allowedBorrow, meant to ensure that the caller is allowed by the user, has a flaw: it only checks that the caller has allowance for an amount of shares; it doesn't check if the caller is allowed to add collateral from the yieldBox account. There are two methods of adding collateral: the first adds it directly from the user's yieldBox deposit, while the latter adds collateral from the user's collateral. To bypass the allowedBorrow modifier, a malicious user would have to specify share as 0; after the check passes, the amount of collateral specified by the malicious user is transferred from the user to the malicious user.

A simple attack flow goes like this:
1) Malicious user calls addCollateral(), passing his address, another user's address, amount, and share as 0.
2) The check passes because of the 0 shares.
3) The amount specified is transferred from the user to the address of the malicious user.
```solidity
modifier allowedBorrow(address from, uint share) virtual {
    _allowedBorrow(from, share);
    _;
}

function _allowedBorrow(address from, uint share) internal {
    if (from != msg.sender) {
        // Only the share argument is compared against the allowance.
        if (allowanceBorrow[from][msg.sender] < share) {
            revert NotApproved(from, msg.sender);
        }
        allowanceBorrow[from][msg.sender] -= share;
    }
}
```
Tools used: VS Code
Assessed type: Invalid Validation
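The check ordering described in this finding, next to a hardened ordering, as an added example that is not the audited contract's code. Only allowanceBorrow, _allowedBorrow and NotApproved come from the snippet above; the 1:1 toShare() conversion, the share-from-amount fallback, the storage mappings and the two addCollateral variants are assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.18;

// Added illustration, not the audited contract. toShare(), the mappings and
// the two addCollateral* variants are assumptions made for this example.
contract AllowanceCheckExample {
    error NotApproved(address from, address operator);

    mapping(address => mapping(address => uint256)) public allowanceBorrow;
    mapping(address => uint256) public depositShares;    // stand-in for the owner's deposit
    mapping(address => uint256) public collateralShares; // collateral credited per account

    function approveBorrow(address operator, uint256 share) external {
        allowanceBorrow[msg.sender][operator] = share;
    }

    function deposit(uint256 share) external { depositShares[msg.sender] += share; }

    // Assumed 1:1 conversion; a real market would ask its vault for the rate.
    function toShare(uint256 amount) public pure returns (uint256) { return amount; }

    function _allowedBorrow(address from, uint256 share) internal {
        if (from != msg.sender) {
            if (allowanceBorrow[from][msg.sender] < share) {
                revert NotApproved(from, msg.sender);
            }
            allowanceBorrow[from][msg.sender] -= share;
        }
    }

    // Pattern described in the finding: the allowance is checked against the
    // caller-supplied share, which is still 0 when only amount is given.
    function addCollateralUnchecked(address from, address to, uint256 amount, uint256 share) external {
        _allowedBorrow(from, share);
        if (share == 0) share = toShare(amount);
        depositShares[from] -= share;
        collateralShares[to] += share;
    }

    // Hardened: resolve the effective share first, then check allowance on it.
    function addCollateralChecked(address from, address to, uint256 amount, uint256 share) external {
        if (share == 0) share = toShare(amount);
        _allowedBorrow(from, share);
        depositShares[from] -= share;
        collateralShares[to] += share;
    }
}
```

With no allowance granted, a call with share set to 0 and a non-zero amount reverts with NotApproved in addCollateralChecked, because the allowance is compared against the share actually moved.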
#0 - c4-pre-sort
2023-08-05T03:02:05Z
minhquanym marked the issue as duplicate of #55
#1 - c4-judge
2023-09-12T17:32:45Z
dmvt marked the issue as satisfactory