No tokenType
validation may lead to user losing funds
#71
Labels
2 (Med Risk)
Assets not at direct risk, but function/availability of the protocol could be impacted or leak value
bug
Something isn't working
duplicate
This issue or pull request already exists
sponsor confirmed
Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity")
Lines of code
Cally.sol#L158-L17
Vulnerability details
Impact
Scenario 1:
tokenId
value.dutchAuctionReserveStrike
anddutchAuctionStartingStrikeIndex
.Scenario 2 (extremely unlikely):
tokenId
value.dutchAuctionReserveStrike
anddutchAuctionStartingStrikeIndex
.Proof of Concept
Cally.sol#L198-L200
ERC721.transferFrom
may actually call a ERC20transferFrom
and vice versa.Recommended Mitigation Steps
Dont allow user input to be the sole validator on ERC being an ERC20 or ERC721.
If
TokenType.ERC20
implement extra inputs and require functions to ensurename
,symbol
anddecimals
match inputs. Same thing forTokenType.ERC721
excludingdecimals
and confirming inputs matchname
,symbol
andtokenId
/id
.Only allow whitelisted tokens to be used as collateral.
The text was updated successfully, but these errors were encountered: