Code4rena: CODE423N4:2023-01-TESSERA-MITIGATION-FINDINGS-ISSUES-32
Jan 29, 2023

Mitigation of M-04: See comments

Lines of code

Vulnerability details

The PR does NOT fix the issue described in the finding, and instead addresses issue 45. The change breaks out of the loop, which solves the case where the price is the same as the lowest bid, but doesn’t address the case where the price is higher than the lowest, and only kicks out part of the lowest bid.

Impact

Same as the prior finding

Proof of Concept

The POC is the same as the prior finding, and the example tree would be:

            A:(p:100,q:10)
            /             \
       B:(p:100,q:10)  C:(<whatever>)
       /           \
D:(p:102,q:10)   E:(<whatever>) 

with F:(p:101,q:5) being inserted. There has been no change to re-shuffle the node that has had its quantity reduced once F is added.

Tools Used

Code inspection

Recommended Mitigation Steps

Same as before: when modifying nodes of the tree, remove them first, then re-add them after modification.
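The corruption and the recommended remove-then-re-add fix, as an added Python example that is not taken from the finding or from the Tessera code base. It assumes a binary min-heap ordered by lowest price and then by larger quantity, and a full pool so that F has to displace part of the lowest bid; the values for C and E are constructed, and all function names are hypothetical.

```python
import heapq
from dataclasses import dataclass

@dataclass
class Bid:
    name: str
    price: int
    qty: int

    def key(self):
        # Assumed ordering: lowest price first; at equal price the
        # bid with the larger quantity is pulled first.
        return (self.price, -self.qty)

    def __lt__(self, other):
        return self.key() < other.key()

def sample_heap():
    # A, B and D follow the example tree; C and E are constructed values
    # standing in for "<whatever>". Array layout: [A, B, C, D, E].
    return [Bid("A", 100, 10), Bid("B", 100, 10), Bid("C", 103, 10),
            Bid("D", 102, 10), Bid("E", 104, 10)]

def is_heap(h):
    # Min-heap invariant: no node sorts before its parent.
    return all(not h[i] < h[(i - 1) // 2] for i in range(1, len(h)))

def insert_in_place(h, new):
    # Pattern described in the finding: the lowest bid is partially kicked
    # out by editing it where it sits, so its key changes but its position
    # in the tree does not.
    h[0].qty -= new.qty
    heapq.heappush(h, new)
    return h

def insert_remove_readd(h, new):
    # Recommended mitigation: remove the node, modify it, then re-add it so
    # that it is placed according to its new key.
    lowest = heapq.heappop(h)
    lowest.qty -= new.qty
    if lowest.qty > 0:
        heapq.heappush(h, lowest)
    heapq.heappush(h, new)
    return h

if __name__ == "__main__":
    for fn in (insert_in_place, insert_remove_readd):
        h = fn(sample_heap(), Bid("F", 101, 5))
        print(fn.__name__, "root:", h[0], "invariant holds:", is_heap(h))
```

Both functions only cover the case from the finding, where the incoming quantity is smaller than the lowest bid's quantity.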

