code423n4 | Code4rena | CODE423N4:2022-02-NESTED-FINDINGS-ISSUES-17
Feb 10, 2022 - 12:00 a.m.

Wrong logic around areOperatorsImported

Code4rena
github.com

Lines of code

Vulnerability details

Impact

The logic of the areOperatorsImported method is incorrect. It can cause an operator not to be updated because the owner believes it is already up to date, so a vulnerable or defective operator can remain in use.

Proof of Concept

The operators mapping has a bytes32 name as its key and a value made up of two fields, implementation and selector, which together identify the contract and function to be called when an operator is invoked.

The areOperatorsImported method is meant to check whether the given operators already exist. However, the check is not done correctly, because && is used instead of ||.

If the operator with name A and value {implementation=0x27f8d03b3a2196956ed754badc28d73be8830a6e, selector="performSwapVulnerable"} exists, and the owner checks whether the operator with name A and value {implementation=0x27f8d03b3a2196956ed754badc28d73be8830a6e, selector="performSwapFixed"} exists, the function will return true, and the owner may decide not to import it, producing unexpected errors.
Because operators manage the tokens, this error can lead to a loss of tokens.

Recommended Mitigation Steps

Replace && with ||.
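The flawed check and the recommended form side by side, as an added example (a minimal model, not the audited project's code). The contract name, the `bytes4` selector type, the function signatures hashed into selectors, the placeholder address and the `demo` helper are all assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Added illustration: a minimal model of the check, not the audited contract.
contract OperatorCheckModel {
    struct Operator {
        address implementation;
        bytes4 selector; // assumed type for the "selector" value
    }

    mapping(bytes32 => Operator) public operators;

    // Logic as the finding describes it: a mismatch is reported only when BOTH
    // fields differ, so a new selector on the same implementation passes.
    function areOperatorsImportedBuggy(bytes32[] memory names, Operator[] memory expected) public view returns (bool) {
        require(names.length == expected.length, "length mismatch");
        for (uint256 i = 0; i < names.length; i++) {
            Operator storage cur = operators[names[i]];
            if (cur.implementation != expected[i].implementation &&
                cur.selector != expected[i].selector) return false;
        }
        return true;
    }

    // Recommended mitigation: a mismatch in EITHER field means "not imported".
    function areOperatorsImportedFixed(bytes32[] memory names, Operator[] memory expected) public view returns (bool) {
        require(names.length == expected.length, "length mismatch");
        for (uint256 i = 0; i < names.length; i++) {
            Operator storage cur = operators[names[i]];
            if (cur.implementation != expected[i].implementation ||
                cur.selector != expected[i].selector) return false;
        }
        return true;
    }

    // Constructed scenario from the finding: operator "A" is stored with the
    // vulnerable selector, then both checks are asked about the fixed selector.
    function demo() external returns (bool buggy, bool corrected) {
        address impl = address(uint160(0xA11CE)); // placeholder, same for both values
        operators["A"] = Operator(impl, bytes4(keccak256("performSwapVulnerable()")));
        bytes32[] memory names = new bytes32[](1);
        Operator[] memory expected = new Operator[](1);
        names[0] = "A";
        expected[0] = Operator(impl, bytes4(keccak256("performSwapFixed()")));
        buggy = areOperatorsImportedBuggy(names, expected);
        corrected = areOperatorsImportedFixed(names, expected);
    }
}
```

Because the implementation address is unchanged in this scenario, the `&&` condition can never be satisfied and the stale operator is reported as imported, while the `||` form flags the selector difference.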

