Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

ERC1155 tokens are hardcoded to transfer only 1 token, which may lead to users overpaying orders #404

Closed
code423n4 opened this issue Oct 9, 2022 · 1 comment
Closed

ERC1155 tokens are hardcoded to transfer only 1 token, which may lead to users overpaying orders #404

code423n4 opened this issue Oct 9, 2022 · 1 comment
Labels
3 (High Risk) Assets can be stolen/lost/compromised directly bug Something isn't working duplicate This issue or pull request already exists edited-by-warden

Comments

@code423n4
Copy link
Contributor

code423n4 commented Oct 9, 2022
edited
Loading

Lines of code

https://github.com/code-423n4/2022-10-blur/blob/main/contracts/matchingPolicies/StandardPolicyERC1155.sol#L24-L35
https://github.com/code-423n4/2022-10-blur/blob/main/contracts/matchingPolicies/StandardPolicyERC1155.sol#L50-L61

Vulnerability details

Impact

Users may overpay for a single ERC1155 transaction.

Proof of Concept

When calling execute() with the intention of trading ERC1155 tokens, in order to acquire the number of tokens to transfer, execute() calls _canMatchOrders(), which then calls either canMatchMakerAsk() or canMatchMakerAsk(). However both the functions are hardcoded to return 1 as the amount to transfer. The rest of the transaction proceeds as intended. It's possible for users to systematically use this to steal from orders i.e. user A creates a sell order of 5 tokens, total price being 5 WETH (so 1 WETH per token) and user B fills the order with 5 WETH, only receiving one in exchange.

Submitting this finding as high as this behaviour seems unintended, since ERC1155 tokens are transfered with a custom amount in _executeTokenTransfer(), the Order struct has an amount variable and there's no mentions of the exchange not allowing multiple tokens to be traded at once.

Tools Used

Manual code reading

Recommended Mitigation Steps

Modify StandardPolicyERC1155.sol with the following:

return (
            (makerAsk.side != takerBid.side) &&
            (makerAsk.paymentToken == takerBid.paymentToken) &&
            (makerAsk.collection == takerBid.collection) &&
            (makerAsk.tokenId == takerBid.tokenId) &&
            (makerAsk.matchingPolicy == takerBid.matchingPolicy) &&
            (makerAsk.price == takerBid.price) &&
            (makerAsk.amount == takerBid.amount),
            makerAsk.price,
            makerAsk.tokenId,
            makerAsk.amount,
            AssetType.ERC1155
        );

...

return (
            (makerBid.side != takerAsk.side) &&
            (makerBid.paymentToken == takerAsk.paymentToken) &&
            (makerBid.collection == takerAsk.collection) &&
            (makerBid.tokenId == takerAsk.tokenId) &&
            (makerBid.matchingPolicy == takerAsk.matchingPolicy) &&
            (makerBid.price == takerAsk.price) &&
            (makerBid.amount == takerAsk.amount),
            makerBid.price,
            makerBid.tokenId,
            makerBid.amount,
            AssetType.ERC1155
        );

It is important to check the amount of tokens being traded are equal as this isn't verified elsewhere. This was written with the assumption orders can only be completely filled instead of maybe partially filled, as the protocol doesn't seem to support partial fill orders (discussed in the QA report).
@code423n4 code423n4 added 2 (Med Risk) Assets not at direct risk, but function/availability of the protocol could be impacted or leak value bug Something isn't working labels Oct 9, 2022
code423n4 added a commit that referenced this issue Oct 9, 2022
@code423n4
rokinot issue #404
ee50030
@code423n4 code423n4 added 3 (High Risk) Assets can be stolen/lost/compromised directly edited-by-warden and removed 2 (Med Risk) Assets not at direct risk, but function/availability of the protocol could be impacted or leak value labels Oct 9, 2022
@GalloDaSballo
Copy link
Collaborator

Dup of #666

@GalloDaSballo GalloDaSballo added the duplicate This issue or pull request already exists label Oct 28, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
3 (High Risk) Assets can be stolen/lost/compromised directly bug Something isn't working duplicate This issue or pull request already exists edited-by-warden
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@GalloDaSballo @code423n4