Code4rena (code423n4) CODE423N4:2023-07-TAPIOCA-FINDINGS-ISSUES-1637
Aug 04, 2023 - 12:00 a.m.

Insufficient Authorization Checks in 'SGLLeverage' Contract Functions


AI Score: 7.4 High (Confidence: Low)

Lines of code
<https://github.com/Tapioca-DAO/tapioca-bar-audit/blob/2286f80f928f41c8bc189d0657d74ba83286c668/contracts/markets/singularity/SGLLeverage.sol#L58>
<https://github.com/Tapioca-DAO/tapioca-bar-audit/blob/2286f80f928f41c8bc189d0657d74ba83286c668/contracts/markets/singularity/SGLLeverage.sol#L97>
<https://github.com/Tapioca-DAO/tapioca-bar-audit/blob/2286f80f928f41c8bc189d0657d74ba83286c668/contracts/markets/singularity/SGLLeverage.sol#L147>

Vulnerability details

Description

The ‘SGLLeverage’ contract contains critical vulnerabilities in multiple functions, including ‘multiHopBuyCollateral’, ‘multiHopSellCollateral’, ‘sellCollateral’, and ‘buyCollateral’. These functions lack proper authorization checks, allowing any user to impersonate others by setting an arbitrary ‘from’ address without adequate validation. Consequently, malicious actors can exploit these flaws to perform unauthorized actions on behalf of innocent users, leading to financial losses and compromising the security of the platform.

In the ‘multiHopBuyCollateral’ function, there is a missing verification mechanism for the ‘from’ address, which allows an attacker to impersonate another user during the buying process. Similarly, the ‘multiHopSellCollateral’ function, ‘sellCollateral’ function, and ‘buyCollateral’ function suffer from the same security flaw, enabling unauthorized users to perform actions on behalf of others without consent or proper validation.

Exploiting these vulnerabilities, attackers can manipulate the collateral transactions, perform unauthorized trades, or cause confusion and financial harm to innocent users. These unauthorized actions may also disrupt the platform’s financial stability and undermine its trustworthiness.

Impact && POC

  1. Exploiting the Vulnerable Functions:
    Call the ‘multiHopBuyCollateral’, ‘multiHopSellCollateral’, ‘sellCollateral’, or ‘buyCollateral’ function with an arbitrary ‘from’ address belonging to another user.
    Due to the absence of proper checks, the contract will allow unauthorized actions on behalf of the impersonated user.
  2. Impact:
    Unauthorized access to collateral and asset trades.
    Unauthorized withdrawals or transfers of assets.

Mitigation

To address these critical vulnerabilities, it is imperative to implement robust authorization checks in all affected functions. Validate that the ‘msg.sender’ matches the provided ‘from’ address to ensure that the caller has the necessary permissions to perform actions on behalf of the specified user. Utilize the ‘require’ statement to enforce these checks and prevent unauthorized access.
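
The check described above, as an added example that is not code from the report or from the Tapioca repository. The contract name, storage layout, function names and the ‘allowanceShare’ mapping are assumptions made for illustration; the delegated variant goes beyond the report's stated mitigation to show how an approved operator can still act for ‘from’.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.18;

/// Simplified sketch, NOT the SGLLeverage contract: storage, names and the
/// allowance mapping are hypothetical and exist only to show the check.
contract LeverageAuthSketch {
    mapping(address => uint256) public collateralShare;
    // owner => operator => share the operator may move for the owner
    mapping(address => mapping(address => uint256)) public allowanceShare;

    error NotAuthorized(address caller, address from);

    function addCollateral(uint256 share) external {
        collateralShare[msg.sender] += share;
    }

    function approveOperator(address operator, uint256 share) external {
        allowanceShare[msg.sender][operator] = share;
    }

    /// Pattern the finding describes: `from` is caller-supplied and never
    /// tied to msg.sender, so the position of any account can be changed.
    function sellCollateralUnchecked(address from, uint256 share) external {
        collateralShare[from] -= share;
    }

    /// Mitigation as stated in the report: the caller must be `from`.
    function sellCollateralStrict(address from, uint256 share) external {
        require(msg.sender == from, "caller is not from");
        collateralShare[from] -= share;
    }

    /// Generalization (assumption): an operator approved by `from` may act,
    /// and the approval is consumed so it cannot be replayed.
    function sellCollateralDelegated(address from, uint256 share) external {
        _spendAllowance(from, share);
        collateralShare[from] -= share;
    }

    function _spendAllowance(address from, uint256 share) internal {
        if (msg.sender == from) return;
        uint256 allowed = allowanceShare[from][msg.sender];
        if (allowed < share) revert NotAuthorized(msg.sender, from);
        if (allowed != type(uint256).max) {
            allowanceShare[from][msg.sender] = allowed - share;
        }
    }
}
```

The strict variant blocks every third-party caller, including routers or helper contracts that users call through, which is why the delegated form is shown beside it.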

Assessed type

Access Control

