IsContract Function Usage #126
Labels
1 (Low Risk): Assets are not at risk. State handling, function incorrect as to spec, issues with comments
bug: Something isn't working
invalid: This doesn't seem right
sponsor disputed: Sponsor cannot duplicate the issue, or otherwise disagrees this is an issue
Comments
code423n4 added the 1 (Low Risk) and bug labels on Dec 8, 2021
loudoguno added the need sponsor input (no confirm/acknowledg/dispute) label (sponsors need to evaluate the wardens claims and provide a response (confirm/acknowledge/dispute)) on Dec 18, 2021
MihanixA added the sponsor disputed label on Dec 20, 2021
Thank you for your comment!
This was referenced Dec 20, 2021
MihanixA removed the need sponsor input (no confirm/acknowledg/dispute) label on Dec 21, 2021
Handle
defsec
Vulnerability details
Impact
The isContract function that uses EXTCODESIZE was discovered to be hackable. The function will return false if it is invoked from a contract's constructor (because the contract has not been deployed yet).
The code should be used very carefully, if at all, to avoid security hacks such as:
https://www.reddit.com/r/ethereum/comments/916xni/how_to_pwn_fomo3d_a_beginners_guide (archive)
Proof of Concept
Navigate to:
https://github.com/maple-labs/proxy-factory/blob/main/contracts/ProxyFactory.sol#L64
https://github.com/maple-labs/proxy-factory/blob/main/contracts/ProxyFactory.sol#L56
https://github.com/maple-labs/proxy-factory/blob/main/contracts/ProxyFactory.sol#L47
https://github.com/maple-labs/proxy-factory/blob/main/contracts/ProxyFactory.sol#L20
The function is allowed with the isContract modifier.
However, this is a vulnerable implementation.
The sample code can be seen below.
Tools Used
None
Recommended Mitigation Steps
If you want to make sure that an EOA is calling your contract, a simple way is require(msg.sender == tx.origin). However, preventing a contract is an anti-pattern with security and interoperability considerations. (ethereum/solidity#683 - https://ethereum.stackexchange.com/questions/1891/whats-the-difference-between-msg-sender-and-tx-origin)
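
The EXTCODESIZE behaviour this report refers to, shown as an added example that is not part of the issue or of the maple-labs code. The contract names CodeSizeCheck and ConstructorProbe and the pragma version are assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.7;

// Hypothetical helper: the code-size technique described in the report.
contract CodeSizeCheck {
    // Returns true when `account` currently has runtime code stored.
    function isContract(address account) public view returns (bool) {
        uint256 size;
        assembly {
            size := extcodesize(account)
        }
        return size > 0;
    }
}

// Hypothetical probe: records what the check reports about this contract
// while its constructor runs, and again once deployment has finished.
contract ConstructorProbe {
    CodeSizeCheck public immutable checker;
    bool public resultDuringConstruction;

    constructor(CodeSizeCheck checker_) {
        checker = checker_;
        // Runtime code is stored only after the constructor returns, so
        // EXTCODESIZE(address(this)) is 0 here and the check yields false.
        resultDuringConstruction = checker_.isContract(address(this));
    }

    // After deployment the same query yields true.
    function resultAfterDeployment() external view returns (bool) {
        return checker.isContract(address(this));
    }
}

// Reading the results:
//   resultDuringConstruction == false
//   resultAfterDeployment()  == true
// A true result confirms that code exists at the address right now.
// A false result only means "no code stored at this moment"; it does not
// establish that the address is an externally owned account.
```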