Back to adam-idarrha's contests

AI Arena - adam-idarrha's results

In AI Arena you train an AI character to battle in a platform fighting game. Imagine a cross between Pokémon and Super Smash Bros, but the characters are AIs, and you can train them to learn almost any skill in preparation for battle.

General Information

Platform: Code4rena

Start Date: 09/02/2024

Pot Size: $60,500 USDC

Total HM: 17

Participants: 283

Period: 12 days

Judge:

Id: 328

League: ETH

AI Arena

Findings Distribution

Researcher Performance

Rank: 266/283

Findings: 1

Award: $0.10

🌟 Selected for report: 0

🚀 Solo Findings: 0

External Links

Code4rena Contest PageGithub Contest RepositoryGithub Findings RepositoryAI Arena

Findings Information

🌟 Selected for report: CodeWasp

Also found by: 0x13, 0xAlix2, 0xAsen, 0xCiphky, 0xE1, 0xLogos, 0xaghas, 0xlemon, 0xlyov, 0xvj, ADM, Aamir, BARW, Bauchibred, DMoore, DanielArmstrong, Draiakoo, Fulum, GhK3Ndf, Josh4324, Kalogerone, KmanOfficial, Krace, KupiaSec, Limbooo, MidgarAudits, MrPotatoMagic, PedroZurdo, Pelz, Tendency, _eperezok, adam-idarrha, al88nsk, alexxander, alexzoid, aslanbek, blutorque, btk, c0pp3rscr3w3r, cartlex_, cats, d3e4, deadrxsezzz, denzi_, devblixt, dimulski, erosjohn, evmboi32, fnanni, grearlake, hulkvision, immeas, israeladelaja, jaydhales, jesjupyter, jnforja, juancito, klau5, korok, ktg, ladboy233, matejdb, merlinboii, novamanbg, nuthan2x, oualidpro, peanuts, petro_1912, pkqs90, pynschon, radev_sw, rouhsamad, sashik_eth, shaka, sobieski, soliditywala, stackachu, tallo, thank_you, ubl4nk, vnavascues, web3pwn, xchen1130, zhaojohnson

Awards

0.1044 USDC - $0.10

Labels

bug
3 (High Risk)
satisfactory
sufficient quality report
upgraded by judge
:robot:_15_group
duplicate-1709

External Links

Link to GitHub issue

Lines of code

https://github.com/code-423n4/2024-02-ai-arena/blob/cd1a0e6d1b40168657d1aaee8223dc050e15f8cc/src/FighterFarm.sol#L355-L365 https://github.com/code-423n4/2024-02-ai-arena/blob/cd1a0e6d1b40168657d1aaee8223dc050e15f8cc/src/FighterFarm.sol#L338-L348

Vulnerability details

Vulnerability details:

Details:

The contract FighterFarm manages fighter NFTs, imposing restrictions on their transfer via the _ableToTransfer function, which is called within overridden transfer functions. These functions check that the destination address doesn't possess more than 10 NFTs and that the fighter is not staked. However, the function safeTransferFrom(from, to , tokenId, data) lacks this override and check implementation, enabling a bypass of these restrictions.

Impact:

This vulnerability allows a user to hold more than 10 fighters simultaneously and transfer a staked fighter, violating key system invariants.

Proof of Concept:

  • consider that Alice has 1 Fighter with tokenId = 15 which she staked with in rankedBattle contract.
  • and Bob has 10 fighters
  • Alice calls the function safeTransferFrom(Alice, Bob , 15, "")
  • the function _ableToTransfer is not called, so there is no check and Bob ends with 11 fighters , and a fighter that is currently at stake .

Tools Used:

vscode

override the function safeTransferFrom(from, to , tokenId, data) in the same way you do for the other functions.

Assessed type

ERC721

#0 - c4-pre-sort

2024-02-23T06:03:07Z

raymondfam marked the issue as sufficient quality report

#1 - c4-pre-sort

2024-02-23T06:04:34Z

raymondfam marked the issue as duplicate of #739

#2 - c4-judge

2024-03-11T02:09:27Z

HickupHH3 changed the severity to 3 (High Risk)

#3 - c4-judge

2024-03-11T02:58:17Z

HickupHH3 marked the issue as satisfactory

AuditHub

A portfolio for auditors, a security profile for protocols, a hub for web3 security.

Built bymalatrax © 2024

Auditors

Browse

Contests

Browse

Get in touch

ContactTwitter