Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Buyer in bad faith may not accept ERC1155 #184

Closed
code423n4 opened this issue Oct 8, 2022 · 3 comments
Closed

Buyer in bad faith may not accept ERC1155 #184

code423n4 opened this issue Oct 8, 2022 · 3 comments
Labels
bug Something isn't working disagree with severity Sponsor confirms validity, but disagrees with warden’s risk assessment (sponsor explain in comments) invalid This doesn't seem right QA (Quality Assurance) Assets are not at risk. State handling, function incorrect as to spec, issues with clarity, syntax sponsor acknowledged Technically the issue is correct, but we're not going to resolve it for XYZ reasons unsatisfactory does not satisfy C4 submission criteria; not eligible for awards

Comments

@code423n4
Copy link
Contributor

Lines of code

https://github.com/code-423n4/2022-10-blur/blob/HEAD/contracts/BlurExchange.sol#L540-L541

Vulnerability details

Impact

Refer to this code-423n4/2022-07-fractional-findings#212

A malicious proposer can start a _executeTokenTransfer() using a contract that cannot receive ERC1155 tokens, and if the execute() fails, This prevents a new order from being started.

Proof of Concept

    function _executeTokenTransfer(
        address collection,
        address from,
        address to,
        uint256 tokenId,
        uint256 amount,
        AssetType assetType
    ) internal {
        /* Assert collection exists. */
        require(_exists(collection), "Collection does not exist");

        /* Call execution delegate. */
        if (assetType == AssetType.ERC721) {
            executionDelegate.transferERC721(collection, from, to, tokenId);
        } else if (assetType == AssetType.ERC1155) {
            executionDelegate.transferERC1155(collection, from, to, tokenId, amount);
        }
    }

Tools Used

vscode

Recommended Mitigation Steps

Consider saving the status of the after a failed order and implementing functions to allow the proposer to withdraw the ERC1155 tokens and eth
@code423n4 code423n4 added 2 (Med Risk) Assets not at direct risk, but function/availability of the protocol could be impacted or leak value bug Something isn't working labels Oct 8, 2022
code423n4 added a commit that referenced this issue Oct 8, 2022
@code423n4
8olidity issue #184
84dd068
@GalloDaSballo
Copy link
Collaborator

Order cannot be settled
New orders can still be executed
User willingly walks into a trade without doing DD

@GalloDaSballo GalloDaSballo added the disagree with severity Sponsor confirms validity, but disagrees with warden’s risk assessment (sponsor explain in comments) label Oct 12, 2022
@blur-io-toad blur-io-toad added selected for report This submission will be included/highlighted in the audit report sponsor acknowledged Technically the issue is correct, but we're not going to resolve it for XYZ reasons and removed selected for report This submission will be included/highlighted in the audit report labels Oct 16, 2022
@blur-io-toad
Copy link

Agreed this should be QA

@GalloDaSballo
Copy link
Collaborator

Downgrading to Low Severity as this is self-inflicted

@GalloDaSballo GalloDaSballo added QA (Quality Assurance) Assets are not at risk. State handling, function incorrect as to spec, issues with clarity, syntax and removed 2 (Med Risk) Assets not at direct risk, but function/availability of the protocol could be impacted or leak value labels Oct 16, 2022
@JeeberC4 JeeberC4 added invalid This doesn't seem right unsatisfactory does not satisfy C4 submission criteria; not eligible for awards labels Nov 8, 2022
@JeeberC4 JeeberC4 closed this as completed Nov 8, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working disagree with severity Sponsor confirms validity, but disagrees with warden’s risk assessment (sponsor explain in comments) invalid This doesn't seem right QA (Quality Assurance) Assets are not at risk. State handling, function incorrect as to spec, issues with clarity, syntax sponsor acknowledged Technically the issue is correct, but we're not going to resolve it for XYZ reasons unsatisfactory does not satisfy C4 submission criteria; not eligible for awards
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@GalloDaSballo @code423n4 @JeeberC4 @blur-io-toad