Potential Uninitialized entropySlots Reading in getNextEntropy, Causing 0 Entropy Mint #1086
Labels: 2 (Med Risk), bug, M-01, primary issue, 🤖_primary, 🤖_93_group, satisfactory, selected for report, sufficient quality report
Lines of code
https://github.com/code-423n4/2024-07-traitforge/blob/main/contracts/EntropyGenerator/EntropyGenerator.sol#L103
Vulnerability details
Title
Potential Uninitialized entropySlots Reading in getNextEntropy
Impact
The getNextEntropy function can be called at any time without waiting for the write entropy batches process to finish. This could lead to the function returning an uninitialized entropy value of 000000, resulting in users losing funds to mint useless tokens and not being eligible for future airdrops as they get 0 shares. This vulnerability can severely impact the users' trust and the protocol's functionality.
Proof of Concept
POC
Apply the following POC via git apply POC.patch and run yarn test. The test confirms getNextEntropy did return entropy 0 instead of reverting.
Tools Used
Hardhat
Recommended Mitigation Steps
Only allow getNextEntropy call if currentSlotIndex < lastInitializedIndex to ensure that the entropy slots are properly initialized:
function getNextEntropy() public onlyAllowedCaller returns (uint256) { ... + require(currentSlotIndex < lastInitializedIndex, 'Slot not initialized'); uint256 entropy = getEntropy(currentSlotIndex, currentNumberIndex);
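Review bot: the strict < in the added require is only correct if lastInitializedIndex is the index of the first slot not yet written, which the snippet does not show; say so in a comment next to the check, otherwise the guard can be off by one. Keep the require directly before getEntropy(currentSlotIndex, currentNumberIndex), as shown, so that nothing in the elided '...' part can change the index between the check and the read.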
Assessed type
Other
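The failure described under Impact and the effect of the recommended require, as an added off-chain JavaScript model (not the TraitForge contract and not the submitter's POC.patch). The slot layout, both constants, the writeEntropyBatch and mintMany helpers and the read-then-advance order are assumptions made for illustration.

```javascript
// Off-chain model of the finding (constructed; not the TraitForge contract).
// Assumed: a slot packs several six-digit values into one integer, unwritten
// storage reads as zero, lastInitializedIndex is the first unwritten slot.
const NUMBERS_PER_SLOT = 3; // constructed, kept small
const MAX_SLOTS = 4;        // constructed

class EntropyModel {
  constructor(guarded) {
    this.guarded = guarded; // true = apply the recommended require
    this.entropySlots = new Array(MAX_SLOTS).fill(0n); // zero until written
    this.lastInitializedIndex = 0;
    this.currentSlotIndex = 0;
    this.currentNumberIndex = 0;
  }
  // Stand-in for one write-batch transaction: fills the next `count` slots.
  writeEntropyBatch(count) {
    const end = Math.min(this.lastInitializedIndex + count, MAX_SLOTS);
    for (let i = this.lastInitializedIndex; i < end; i++) {
      let digits = '';
      for (let j = 0; j < NUMBERS_PER_SLOT; j++) digits += String(100000 * (i + 1) + j);
      this.entropySlots[i] = BigInt(digits); // constructed, non-zero groups
    }
    this.lastInitializedIndex = end;
  }
  // Extract the six-digit group at numberIndex from the packed slot value.
  getEntropy(slotIndex, numberIndex) {
    const shift = 10n ** BigInt(6 * (NUMBERS_PER_SLOT - 1 - numberIndex));
    return Number((this.entropySlots[slotIndex] / shift) % 1000000n);
  }
  getNextEntropy() {
    if (this.currentSlotIndex >= MAX_SLOTS) throw new Error('Max slot index reached');
    // Recommended mitigation: refuse to read a slot that was never written.
    if (this.guarded && this.currentSlotIndex >= this.lastInitializedIndex) throw new Error('Slot not initialized');
    const entropy = this.getEntropy(this.currentSlotIndex, this.currentNumberIndex);
    if (++this.currentNumberIndex === NUMBERS_PER_SLOT) {
      this.currentNumberIndex = 0;
      this.currentSlotIndex++;
    }
    return entropy;
  }
}

// Mint `n` times; record each entropy value or the revert reason.
function mintMany(model, n) {
  const out = [];
  for (let k = 0; k < n; k++) {
    try { out.push(model.getNextEntropy()); } catch (e) { out.push(e.message); }
  }
  return out;
}
```

With one batch written, the unguarded model hands out 0 as soon as minting crosses into the first unwritten slot, while the guarded model reverts there and resumes once the next batch is written.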