Platform: Code4rena
Start Date: 29/04/2021
Pot Size: $50,000 USDC
Total HM: 9
Participants: 10
Period: 2 days
Judge: Joseph Delong
Total Solo HM: 9
Id: 6
League: ETH
Rank: 5/10
Findings: 1
Award: $6,684.49
🌟 Selected for report: 1
🚀 Solo Findings: 1
🌟 Selected for report: jvaqa
jvaqa
Beebots.TradeValid() Will Erroneously Return True When Maker Is Set To Address(0) and makerIds Are Set To The TokenIds of Unminted Beebot NFTs
Beebots.verify() Returns True No Matter What Signature Is Given When Signer Is Set To address(0). This means that BeeBots.tradeValid() will erroneously return true when maker is set to address(0). Finally, before an NFT has even been minted at all, it is assumed to have an owner of address(0) due to the idToOwner mapping being initialized to zero for all uninitialized slots, so an attacker can call tradeValid() with maker set to address(0) and makerIds set to the tokenIds of any unminted nftIds, and tradeValid() will erroneously return true.
(1) Beebots.verify() Returns True No Matter What Signature Is Given When Signer Is Set To address(0)
(1a) BeeBots.verify() does not check to ensure that signer is not address(0).
(1b) The reason that this is a problem is that ecrecover fails silently if the signature does not match, and simply returns zero.
(1c) So if an attacker passes in address(0) as the signer, then verify will return true no matter what signature is provided, since ecrecover will return address(0), and the signer is address(0), so verify will pass.
(1d) This means that BeeBots.tradeValid() will erroneously return true when maker is set to address(0).
(2) Before an NFT has even been minted at all, it is assumed to have an owner of address(0) due to the idToOwner mapping being initialized to zero for all uninitialized slots
(2a) Solidity initializes all mappings to 0 for all slots that have not yet been set.
(2b) So for any nft id that has not yet been minted, the corresponding owner in the mapping BeeBots.idToOwner is address(0), even though that nft should not even exist.
(2c) This means that an attacker can call tradeValid() with maker set to address(0) and makerIds set to any unminted nftIds, and tradeValid() will erroneously return true.
(1) Add this check to Beebots.verify(): require(signer != address(0), "Cannot verify signatures from 0x0");
(2) Add this check to Beebots.tradeValid(): require(maker != address(0), "Maker 0x0 not allowed");
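The two recommended checks, placed next to the unchecked pattern from (1a)-(1c), as an added Solidity sketch that is not the Beebots source or the submitter's code. The contract name, function signatures, mint() and demo() are hypothetical; only idToOwner and the two require lines come from the finding.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Hypothetical minimal contract for illustration; not the Beebots implementation.
contract VerifySketch {
    // Unset slots read as address(0), so an unminted id appears to be owned by 0x0.
    mapping(uint256 => address) public idToOwner;

    function mint(uint256 id) external {
        require(idToOwner[id] == address(0), "Already minted");
        idToOwner[id] = msg.sender;
    }

    // Pattern described in the finding: signer is never compared against address(0).
    function verifyUnchecked(address signer, bytes32 hash, uint8 v, bytes32 r, bytes32 s)
        public pure returns (bool)
    {
        // ecrecover does not revert on an invalid signature; it returns address(0).
        return ecrecover(hash, v, r, s) == signer;
    }

    // Same comparison with recommendation (1) applied first.
    function verifyChecked(address signer, bytes32 hash, uint8 v, bytes32 r, bytes32 s)
        public pure returns (bool)
    {
        require(signer != address(0), "Cannot verify signatures from 0x0");
        return ecrecover(hash, v, r, s) == signer;
    }

    // tradeValid-style ownership check (assumed shape) with recommendation (2) applied.
    function tradeValidChecked(
        address maker, uint256[] calldata makerIds, bytes32 hash, uint8 v, bytes32 r, bytes32 s
    ) external view returns (bool) {
        require(maker != address(0), "Maker 0x0 not allowed");
        if (!verifyChecked(maker, hash, v, r, s)) return false;
        for (uint256 i = 0; i < makerIds.length; i++) {
            if (idToOwner[makerIds[i]] != maker) return false;
        }
        return true;
    }

    // Constructed input: v = 0 is not a valid recovery id, so ecrecover yields address(0)
    // and the unchecked comparison against a zero signer succeeds.
    function demo() external pure returns (bool uncheckedAcceptsZeroSigner) {
        return verifyUnchecked(address(0), keccak256("constructed"), 0, bytes32(0), bytes32(0));
    }
}
```

Calling verifyChecked or tradeValidChecked with the same zero-address arguments reverts at the require instead of returning a result.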
#0 - dangerousfood
2021-05-24T23:13:13Z
Wow, this exploit is absolutely stunning.