6 matches found
Upgraded Q -> 2 from #193 [1699029806458]
Judge has assessed an item in Issue 193 as 2 risk. The relevant finding follows: Missing functions in the BasicActions to reach ODSafeManager Description Both functions allowing other users and handlers to manage the safe are restricted with access control. Only callable by the owner of the safe...
ODProxy contract can't grant safeRights (can't change the state of the called contracts) which will disable generating debts functionality
Lines of code Vulnerability details Impact The protocol implements a proxy mechanism to enable only the Vault721 contract from transferring SAFEs, as each SAFE is represented by a NFV non fungible vault. This contract has only one function execute that makes delegatecalls to other contracts, so...
Delegating the call from ODProxy will make the changes in the context of ODProxy's storage layer which breaks the invariant.
Lines of code Vulnerability details Impact Making the delegate call to ODSafeManager will affect the storage of ODProxy leaving behind the inconsistent state in ODSafeManager, moreover this issue will also breaks the invariant 'Users must exclusively use the ODProxy to interact with their safes.'...
Since the build function in 'Vault721' allows anyone to deploy a new ODProxy for any user without proper checks, it creates a potential exploit.
Lines of code Vulnerability details Impact The ability to freely deploy ODProxy contracts through the Vault721 contract's build function represents a significant security vulnerability. Exploitation of this vulnerability could lead to: Unauthorized Actions: Malicious actors could deploy proxies f...
Missing functionality required to allow others access to safe
Lines of code Vulnerability details Impact Missing functionality prevents ODProxy from granting other accounts access to the safe. In order to grant access to the particular safe for which specific instance of ODProxy is the owner, it is necessary to call allowSAFE on ODSafeManager. This method...
ODProxy is flawed due to delegatecall to ODSafeManager which render system inoperable
Lines of code Vulnerability details Impact The vulnerability arises from the use of delegatecall to interact with the ODSafeManager contract, which is designed to store the context of the safe manager. However, the data inside ODSafeManager is never properly updated when ODProxy uses delegatecall...