-
Notifications
You must be signed in to change notification settings - Fork 0
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Lack of ability to make an some external function calls makes the DAO stage unreachable. #378
Comments
koolexcrypto marked the issue as unsatisfactory: |
I think this issue was marked as invalid because validators mistakenly flagged it as a duplicate of #214. But this is a completely different issue, 214 addresses the normal behavior by reporting that "the But since the ownership is transferred to And that's what this issue is about |
koolexcrypto marked the issue as not a duplicate |
koolexcrypto removed the grade |
@koolexcrypto, hello, I saw you marked this issue as not a duplicate, I just want to mention that the Airdrop contract is OOS and any issues related to improper access control set on it should not be valid at all. |
@samuraii77 The issue described here is not related to improper access to the |
Which is a function on the Airdrop contract and can't be called due to improper access control as if it had a different access control, let's say onlyAuthorizedCaller, it would be callable by someone else. It is an assumption you are making that the NukeFund contract should be the one being able to call that function but that is not necessarily the case, the root cause of the issue is in the Airdrop contract which is OOS |
@samuraii77 The main reason is |
It was never mentioned that this function should be callable. The only reason you know of its existence is because you checked an OOS contract. Your argument about Pausable is incorrect as the contract has been inherited, thus they have shown intent they want the contract to be pausable. However, Airdrop contract is not inherited, it is a completely OOS and external contract, you don't actually have the knowledge whether someone should be callable as it's OOS and the access control is in the OOS contract which means the error is there. Sorry for messaging in this issue to the judge if my input was unwanted, I just wanted to leave my opinion and will abstain from commenting further, will leave it up to the judge to decide. |
Checking OOS contracts doesn't mean that the issue is OOS. The rule is if the root cause of the issue is in a contract that is in-scope, then the issue is valid. Here the issue is in a contract that is in-scope and thus i belive this is a valid issue. |
koolexcrypto marked the issue as primary issue |
Thank you everyone for your input. I believe the issue is valid. Owner of Airdrop is TraitForgeNft and the bug prevents from entering the DAO stage. The root cause and the fix is in TraitForgeNft, therefore it is in scope. |
koolexcrypto marked the issue as selected for report |
Lines of code
https://github.com/code-423n4/2024-07-traitforge/blob/279b2887e3d38bc219a05d332cbcb0655b2dc644/contracts/NukeFund/NukeFund.sol#L46-L57
Vulnerability details
Impact
TL;DR: Switching to DAO phase in
NukeFund
is not possibleThis vulnerability is on the boundary of scope because it makes it impossible to use the out-of-scope contract but the problem is in the contact inside the scope that is the owner of this external contract.
The
TraitForgeNft
contract is written in such a way that it can add and remove users from the airdrop. For this the NFT contract must have ownership over the airdrop contract.Because of this an additional function is created in
TraitForgeNft
to start the airdrop while other functions that can only be called by the owner (setTraitToken
,allowDaoFund
) are absent inTraitForgeNft
contract. Which makes these functions impossible to call.And if the first function may not be so necessary (deployer can call it at deploy), but the second function must have its own handle in the
TraitForgeNft
contract since this function is used byNukeFund
and can only be called after the start of the airdrop, that is, after the transfer of ownership to theTraitForgeNft
contractProof of Concept
Airdrop
isTraitForgeNft
Airdrop.allowDaoFund()
NukeFund
dev share distribution relly completely onairdropContract.daoFundAllowed()
Tools Used
Manual Review
Recommended Mitigation Steps
Add delegate handle to
TraitForgeNft
:Assessed type
Access Control
The text was updated successfully, but these errors were encountered: