Solmate safetransfer and safetransferfrom does not check the code size of the token address, which may lead to funding loss #59

Open
hats-bug-reporter bot opened this issue Sep 7, 2024 · 1 comment
Labels
bug Something isn't working duplicate This issue or pull request already exists

@hats-bug-reporter

Github username: --
Twitter username: --
Submission hash (on-chain): 0x5e3a6ad894ae8b390b43a269685160a4bc2f4a5262b06d213c8706113c13b74b
Severity: medium

Description:
Minter.sol implements/uses Solmate's SafeTransferLib library for ETH and ERC20 transfers, but Solmate has a well-known vulnerability, i.e. safeTransfer and safeTransferFrom don't check the existence of code at the token address.

Hence this may lead to miscalculation of funds and may lead to loss of funds, because if safeTransfer() and safeTransferFrom() are called on a token address that doesn't have a contract in it, they will always return success, bypassing the return value check. Due to this, the protocol will think that funds have been transferred successfully, and records will be calculated accordingly, but in reality, funds were never transferred. So this will lead to miscalculation and possibly loss of funds.

Below are links to the same issue, which was discovered during contests:

sherlock-audit/2022-11-bond-judging#8

code-423n4/2022-08-olympus-findings#117

Attack Scenario
Describe how the vulnerability can be exploited.

Attachments

  1. Proof of Concept (PoC) File

https://github.com/hats-finance/Accumulated-finance-0x75278bcc0fa7c9e3af98654bce195eaf3bb6a784/blob/fea3cdcd7693e95c7ddcfa4c79df9b5fa715aafc/contracts/Minter.sol#L2032C5-L2050C6

https://github.com/hats-finance/Accumulated-finance-0x75278bcc0fa7c9e3af98654bce195eaf3bb6a784/blob/fea3cdcd7693e95c7ddcfa4c79df9b5fa715aafc/contracts/Minter.sol#L1940C5-L1947C14

https://github.com/hats-finance/Accumulated-finance-0x75278bcc0fa7c9e3af98654bce195eaf3bb6a784/blob/fea3cdcd7693e95c7ddcfa4c79df9b5fa715aafc/contracts/Minter.sol#L1920C4-L1929C1

https://github.com/hats-finance/Accumulated-finance-0x75278bcc0fa7c9e3af98654bce195eaf3bb6a784/blob/fea3cdcd7693e95c7ddcfa4c79df9b5fa715aafc/contracts/Minter.sol#L1880C5-L1885C6

https://github.com/hats-finance/Accumulated-finance-0x75278bcc0fa7c9e3af98654bce195eaf3bb6a784/blob/fea3cdcd7693e95c7ddcfa4c79df9b5fa715aafc/contracts/Minter.sol#L1871C5-L1878C6

and more functions implement the safe functions

  2. Revised Code File (Optional)
  • Implement a code existence check
@hats-bug-reporter hats-bug-reporter bot added the bug Something isn't working label Sep 7, 2024
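
The code existence check the report recommends, as an added example that is not code from Minter.sol, Solmate, or the reporter. `CheckedTransferLib`, `DepositLedger` and every function and error name in it are hypothetical; it shows why a low-level call to an address without code passes the return value check, and how gating on `token.code.length` keeps the accounting from crediting a transfer that never happened.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.4;

// Added example; not code from Minter.sol or Solmate. All names are hypothetical.
library CheckedTransferLib {
    error TokenHasNoCode(address token);
    error TransferFailed(address token);

    // Pattern from the report: a low-level call to an address with no code
    // returns ok == true and empty return data, and empty return data is
    // accepted so that tokens returning nothing still work.
    function _callOptionalReturn(address token, bytes memory data) private {
        (bool ok, bytes memory ret) = token.call(data);
        if (!ok || (ret.length != 0 && !abi.decode(ret, (bool)))) {
            revert TransferFailed(token);
        }
    }

    // Hardened form: refuse to call an address that has no deployed code.
    function _requireCode(address token) private view {
        if (token.code.length == 0) revert TokenHasNoCode(token);
    }

    function checkedTransfer(address token, address to, uint256 amount) internal {
        _requireCode(token);
        _callOptionalReturn(token, abi.encodeWithSignature("transfer(address,uint256)", to, amount));
    }

    function checkedTransferFrom(address token, address from, address to, uint256 amount) internal {
        _requireCode(token);
        _callOptionalReturn(
            token,
            abi.encodeWithSignature("transferFrom(address,address,uint256)", from, to, amount)
        );
    }
}

// Hypothetical consumer: the ledger is updated only after a transfer that
// could not have silently succeeded against an empty address.
contract DepositLedger {
    mapping(address => mapping(address => uint256)) public credited; // token => user => amount

    function deposit(address token, uint256 amount) external {
        CheckedTransferLib.checkedTransferFrom(token, msg.sender, address(this), amount);
        credited[token][msg.sender] += amount;
    }
}
```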
ilzheev commented Sep 7, 2024

Duplicate #51

@ilzheev ilzheev added the duplicate This issue or pull request already exists label Sep 7, 2024