Blur Exchange contest - minhquanym's results

An NFT exchange for the Blur marketplace.

General Information

Platform: Code4rena

Start Date: 05/10/2022

Pot Size: $50,000 USDC

Total HM: 2

Participants: 80

Period: 5 days

Judge: GalloDaSballo

Id: 168

League: ETH

Blur Exchange

Findings Distribution

Researcher Performance

Rank: 29/80

Findings: 1

Award: $114.82

🌟 Selected for report: 0

🚀 Solo Findings: 0

Lines of code

https://github.com/code-423n4/2022-10-blur/blob/2fdaa6e13b544c8c11d1c022a575f16c3a72e3bf/contracts/matchingPolicies/StandardPolicyERC1155.sol#L33
https://github.com/code-423n4/2022-10-blur/blob/2fdaa6e13b544c8c11d1c022a575f16c3a72e3bf/contracts/matchingPolicies/StandardPolicyERC1155.sol#L59

Vulnerability details

Impact

In the StandardPolicyERC1155 contract, the ERC1155 token amount returned by the matching policy is always 1 instead of the amount value in the Order struct.

As a result, when ERC1155 orders are matched, buyers receive only 1 token even if they specified amount > 1, while still paying the full order price, which means a loss of funds for the buyer.

Proof of Concept

Test script modified from execution.test.ts. With the current policy the final assertion fails, because Bob receives only 1 token instead of the 10 both orders specify:

it('can transfer ERC1155', async () => {
  // Alice holds 10 units of tokenId and lists all 10 for sale
  await mockERC1155.mint(alice.address, tokenId, 10);
  sell = generateOrder(alice, {
    side: Side.Sell,
    tokenId,
    amount: 10,
    collection: mockERC1155.address,
    matchingPolicy: matchingPolicies.standardPolicyERC1155.address,
  });
  // Bob bids for the same 10 units
  buy = generateOrder(bob, {
    side: Side.Buy,
    tokenId,
    amount: 10,
    collection: mockERC1155.address,
    matchingPolicy: matchingPolicies.standardPolicyERC1155.address,
  });
  sellInput = await sell.pack();
  buyInput = await buy.pack();

  // Match the orders; the policy reports an amount of 1 regardless of the orders
  await waitForTx(exchange.execute(sellInput, buyInput));

  // Expected 10, but only 1 unit is transferred to Bob
  expect(await mockERC1155.balanceOf(bob.address, tokenId)).to.be.equal(10);
});

Tools Used

Manual Review

Recommended Mitigation Steps

Change the amount returned from StandardPolicyERC1155 from 1 to the order's amount, and also add a check to make sure the amounts of the maker's and taker's orders are the same.
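The mitigation above, as an added Solidity illustration that is not the project's code: a simplified Order struct and a matching policy that reports the amount from the order and requires maker and taker to agree on it. The struct fields and the five-value return shape are assumptions modelled on the finding.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.17;

// Simplified stand-ins for the exchange's types (assumed for this example;
// the real Order struct carries more fields such as fees and timestamps).
enum Side { Buy, Sell }
enum AssetType { ERC721, ERC1155 }

struct Order {
    address trader;
    Side side;
    address matchingPolicy;
    address collection;
    uint256 tokenId;
    uint256 amount;
    address paymentToken;
    uint256 price;
}

// Hardened ERC1155 matching policy: the amount comes from the order and both
// sides must agree on it, instead of the hardcoded 1 the finding describes.
contract StandardPolicyERC1155Fixed {
    function _match(Order calldata a, Order calldata b) private pure returns (bool) {
        return
            (a.side != b.side) &&
            (a.paymentToken == b.paymentToken) &&
            (a.collection == b.collection) &&
            (a.tokenId == b.tokenId) &&
            (a.matchingPolicy == b.matchingPolicy) &&
            (a.price == b.price) &&
            // Added check: maker and taker must agree on the ERC1155 amount
            (a.amount == b.amount);
    }

    function canMatchMakerAsk(Order calldata makerAsk, Order calldata takerBid)
        external pure returns (bool, uint256, uint256, uint256, AssetType)
    {
        // Amount taken from the maker order (was hardcoded to 1)
        return (_match(makerAsk, takerBid), makerAsk.price, makerAsk.tokenId, makerAsk.amount, AssetType.ERC1155);
    }

    function canMatchMakerBid(Order calldata makerBid, Order calldata takerAsk)
        external pure returns (bool, uint256, uint256, uint256, AssetType)
    {
        return (_match(makerBid, takerAsk), makerBid.price, makerBid.tokenId, makerBid.amount, AssetType.ERC1155);
    }
}
```

With this policy the PoC test above passes, since the exchange transfers the 10 units both orders specify and a mismatched amount on either side simply fails to match.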

#0 - GalloDaSballo

2022-10-13T22:27:55Z
