Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
code423n4Code4renaCODE423N4:2023-07-AXELAR-FINDINGS-ISSUES-429
HistoryJul 21, 2023 - 12:00 a.m.

Payable functions using delegatecall inside a loop

2023-07-2100:00:00
Code4rena
github.com
25
security
vulnerability
delegatecall
loop
payable
function
impact
proof of concept
mitigation
call

AI Score

7

Confidence

Low

JSON

Lines of code

Vulnerability details

Impact

The use of delegatecall within a loop, in the context of a payable function, can lead to the repeated crediting of the msg.value amount, potentially causing unexpected behavior or loss of funds.

Proof of Concept

contract DelegatecallInLoop is Multicall {

    mapping (address => uint256) public balances;

    function addBalance(address a) public payable {
        balances[a] += msg.value;
    } 

}

If addBalances() is called with multiple receivers, the same msg.value will be reused for each recipient even though the corresponding ETH for only one recipient is sent.

For example:
Pass the data [“0xb5cef24a00000000000000000000000078731d3ca6b7e34ac0f824c42a7cc18a495cabab”, “0xb5cef24a0000000000000000000000005b38da6a701c568545dcfcb03fcb875f56beddc4”, “0xb5cef24a000000000000000000000000ab8483f64d9c6d1ecf9b849ae677dd3315835cb2”] and the msg.value will be reflected in the balances of three accounts.

Tools Used

Remix

Recommended Mitigation Steps

Carefully check that the function called by delegatecall is not payable/doesn’t use msg.value.

Assessed type

call/delegatecall

The text was updated successfully, but these errors were encountered:

All reactions

AI Score

7

Confidence

Low

JSON