code423n4: 2022-12-tigris-findings, issue 534
Dec 16, 2022

Lack of Input Validation

Source: Code4rena (github.com)
Tags: vulnerability, attackers, exploits, mitigation, input validation

Lines of code

Vulnerability details

Impact

Without proper input validation, an attacker can pass malicious input to the contract, potentially causing unintended behaviour or allowing the attacker to exploit the contract.

Proof of Concept

An attacker could pass an out-of-range value as the ‘amount’ parameter to the ‘burnFrom’ function, allowing them to destroy more tokens than they should be able to. Note that a ‘uint256’ parameter cannot receive a negative value; the practical case is an ‘amount’ larger than the target account's balance or the caller's allowance, which should be rejected by an explicit check rather than left to arithmetic underflow. Similarly, an attacker could pass an invalid address, such as the zero address, as the ‘account’ parameter, which could cause the function to behave unexpectedly.

Tools Used

Mythril

Recommended Mitigation Steps

Add input validation to the contract to ensure that inputs are within the expected range and conform to the required format. For example, check that the ‘amount’ parameter is greater than zero and does not exceed the account's balance and the caller's allowance, and that the ‘account’ parameter is not the zero address.
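The following is an added example illustrating the proof of concept and the mitigation above; it is not the Tigris contract or code from the original report. The token, its storage layout, and the function names ‘burnFromUnchecked’ and ‘burnFrom’ are assumptions made for illustration. The unchecked variant relies only on Solidity 0.8 checked arithmetic, so a zero ‘account’ or zero ‘amount’ is silently accepted and an oversized ‘amount’ fails only with an opaque underflow panic; the validated variant rejects each bad input explicitly with a clear revert reason.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.17;

/// Minimal ERC20-style token used to contrast an unvalidated burnFrom with a validated one.
/// Added example; not the Tigris contract. Names and storage layout are assumptions.
contract ValidatedBurnToken {
    string public constant name = "Validated Burn Token";
    uint256 public totalSupply;
    mapping(address => uint256) public balanceOf;
    mapping(address => mapping(address => uint256)) public allowance;

    event Transfer(address indexed from, address indexed to, uint256 value);
    event Approval(address indexed owner, address indexed spender, uint256 value);

    constructor(uint256 initialSupply) {
        totalSupply = initialSupply;
        balanceOf[msg.sender] = initialSupply;
        emit Transfer(address(0), msg.sender, initialSupply);
    }

    function approve(address spender, uint256 amount) external returns (bool) {
        require(spender != address(0), "approve to zero address");
        allowance[msg.sender][spender] = amount;
        emit Approval(msg.sender, spender, amount);
        return true;
    }

    /// Unvalidated version (hypothetical, for contrast).
    /// The only protection against burning more than the balance or allowance is the
    /// checked-arithmetic underflow revert; a zero account or zero amount passes through,
    /// and a negative literal would not even compile because `amount` is uint256.
    function burnFromUnchecked(address account, uint256 amount) external {
        allowance[account][msg.sender] -= amount; // reverts with a panic on underflow
        balanceOf[account] -= amount;             // reverts with a panic on underflow
        totalSupply -= amount;
        emit Transfer(account, address(0), amount);
    }

    /// Validated version: every input is checked up front with a descriptive reason string.
    function burnFrom(address account, uint256 amount) external {
        require(account != address(0), "burn from zero address");
        require(amount > 0, "zero amount");

        uint256 currentAllowance = allowance[account][msg.sender];
        require(currentAllowance >= amount, "insufficient allowance");

        uint256 balance = balanceOf[account];
        require(balance >= amount, "burn exceeds balance");

        // Safe to skip checked arithmetic: the require statements above guarantee no underflow,
        // and totalSupply is always at least as large as any single balance.
        unchecked {
            allowance[account][msg.sender] = currentAllowance - amount;
            balanceOf[account] = balance - amount;
            totalSupply -= amount;
        }
        emit Transfer(account, address(0), amount);
    }
}
```

The allowance check is the one that matters most for ‘burnFrom’: without it, a spender who holds no approval from ‘account’ is stopped only by the underflow panic, which gives integrators and monitoring no usable revert reason. Checking ‘amount > 0’ also prevents zero-value burn events from polluting indexers.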

