Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

destination address can't actually call transferOut() of UserEscrow.sol #653

Open
c4-submissions opened this issue Sep 14, 2023 · 9 comments
Open

destination address can't actually call transferOut() of UserEscrow.sol #653

c4-submissions opened this issue Sep 14, 2023 · 9 comments
Labels
bug Something isn't working downgraded by judge Judge downgraded the risk level of this issue grade-b primary issue Highest quality submission among a set of duplicates Q-09 QA (Quality Assurance) Assets are not at risk. State handling, function incorrect as to spec, issues with clarity, syntax sufficient quality report This report is of sufficient quality

Comments

@c4-submissions
Copy link
Contributor

Lines of code

https://github.com/code-423n4/2023-09-centrifuge/blob/512e7a71ebd9ae76384f837204216f26380c9f91/src/UserEscrow.sol#L36-L50

Vulnerability details

Impact

The @dev comment of transferOut function suggests transferOut can only be initiated by the destination address or an authorized admin but auth modifier prevents that. It only allows selected wards but making every destination address a ward is not feasible as ward in auth modifier is a trusted role and has access to all the major functionality in the protocol.

It bricks a major functionality. The tokens can only be transferred out by authorized ward. Thus, the whole design of transferOut is faulty.

Proof of Concept

Not required

Tools Used

Manual Analysis

Recommended Mitigation Steps

This can be mitigated by only allowing authorized ward to call transferOut function.

Assessed type

Other
@c4-submissions c4-submissions added 2 (Med Risk) Assets not at direct risk, but function/availability of the protocol could be impacted or leak value bug Something isn't working labels Sep 14, 2023
c4-submissions added a commit that referenced this issue Sep 14, 2023
@c4-submissions
sandy issue #653
1bb2322
@c4-pre-sort c4-pre-sort added the sufficient quality report This report is of sufficient quality label Sep 16, 2023
@c4-pre-sort
Copy link

raymondfam marked the issue as sufficient quality report

@c4-pre-sort
Copy link

raymondfam marked the issue as duplicate of #217

@c4-judge
Copy link

gzeon-c4 marked the issue as not a duplicate

@c4-judge c4-judge reopened this Sep 26, 2023
@c4-judge
Copy link

gzeon-c4 marked the issue as primary issue

@c4-judge c4-judge added the primary issue Highest quality submission among a set of duplicates label Sep 26, 2023
This was referenced Sep 26, 2023
Closed
Closed
@c4-judge
Copy link

gzeon-c4 marked the issue as unsatisfactory:
Invalid

@c4-judge c4-judge added the unsatisfactory does not satisfy C4 submission criteria; not eligible for awards label Sep 26, 2023
@c4-judge
Copy link

gzeon-c4 removed the grade

@c4-judge c4-judge reopened this Sep 26, 2023
@c4-judge c4-judge removed the unsatisfactory does not satisfy C4 submission criteria; not eligible for awards label Sep 26, 2023
@gzeon-c4
Copy link

This is called from InvestmentManager which is a ward of UserEscrow, however it still seems to require auth on the IM to call anything to lead to transferOut. Looks like an ambiguous comment transferOut can only be initiated by the destination address or an authorized admin.

@hieronx
Copy link

hieronx commented Sep 26, 2023

Yeah the implementation is correct, but the comment is wrong/misleading. It should be transferOut can only be initiated by an authorized admin, to a destination set on transferIn.

@c4-judge c4-judge added downgraded by judge Judge downgraded the risk level of this issue QA (Quality Assurance) Assets are not at risk. State handling, function incorrect as to spec, issues with clarity, syntax and removed 2 (Med Risk) Assets not at direct risk, but function/availability of the protocol could be impacted or leak value labels Sep 26, 2023
@c4-judge
Copy link

gzeon-c4 changed the severity to QA (Quality Assurance)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working downgraded by judge Judge downgraded the risk level of this issue grade-b primary issue Highest quality submission among a set of duplicates Q-09 QA (Quality Assurance) Assets are not at risk. State handling, function incorrect as to spec, issues with clarity, syntax sufficient quality report This report is of sufficient quality
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
6 participants
@hieronx @c4-judge @c4-pre-sort @C4-Staff @gzeon-c4 @c4-submissions