Submission Details
Severity: low
Invalid

Unauthorized Plot Transfer Due to Allowance Bypass in transferPlot

Summary

The transferPlot function in the MarketplaceFacet contract contains a logic error that could allow unauthorized transfers of Plots under specific conditions.

Vulnerability Details

The vulnerability exists in the following code snippet from the transferPlot function:

// Allowance gate in transferPlot: the allowance is only consulted and
// decremented when the caller is not the sender and the allowance is not unlimited.
if (
    LibTractor._user() != sender &&
    allowancePods(sender, LibTractor._user(), fieldId) != type(uint256).max
) {
    decrementAllowancePods(sender, LibTractor._user(), fieldId, transferAmount);
}

The if condition checks whether the sender is not the LibTractor._user() and whether the allowance is not unlimited. Only if both conditions are true does the function decrement the allowance. However, if the sender is the LibTractor._user(), the allowance check is bypassed and the transfer proceeds without verifying whether the sender has sufficient allowance.

Impact

This vulnerability could allow an attacker who is also the LibTractor._user() to transfer plots from other users without their authorization. This could lead to the theft of plots and significant financial losses for the affected users.

Tools Used

  • Manual code review

  • Solidity compiler

Recommendations

Remove the if condition and always check the allowance before executing the transfer, regardless of whether the sender is the LibTractor._user(). This will ensure that all plot transfers are authorized and prevent unauthorized transfers.

Here's the corrected code snippet:

// Always check allowance before transferring
if (allowancePods(sender, LibTractor._user(), fieldId) < transferAmount) {
    revert("Field: Insufficient approval.");
}
decrementAllowancePods(sender, LibTractor._user(), fieldId, transferAmount);
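To make the branches of both snippets concrete, here is an added Python model of the allowance gate (not the project's Solidity code); it assumes that `sender` is the account whose plot is moved, that `user` stands for LibTractor._user(), and that decrementAllowancePods reverts when the allowance is smaller than the amount. It runs the quoted condition and the recommended variant side by side on constructed cases, including the owner-moves-own-plot and unlimited-allowance paths, so the behaviour of each gate can be compared.

```python
UINT256_MAX = 2**256 - 1


class Revert(Exception):
    """Stands in for a Solidity revert."""


def _decrement_allowance(allowances, sender, user, amount):
    # Models decrementAllowancePods (assumption: it reverts on a shortfall).
    current = allowances.get((sender, user), 0)
    if current < amount:
        raise Revert("Field: Insufficient approval.")
    allowances[(sender, user)] = current - amount


def original_gate(allowances, sender, user, amount):
    """Condition as quoted in the finding: the allowance path is skipped when
    the caller is the sender or when the allowance is unlimited."""
    if user != sender and allowances.get((sender, user), 0) != UINT256_MAX:
        _decrement_allowance(allowances, sender, user, amount)
    return allowances.get((sender, user), 0)


def proposed_gate(allowances, sender, user, amount):
    """The finding's recommended variant: always check, then decrement."""
    if allowances.get((sender, user), 0) < amount:
        raise Revert("Field: Insufficient approval.")
    _decrement_allowance(allowances, sender, user, amount)
    return allowances.get((sender, user), 0)


def outcome(gate, allowance, sender, user, amount):
    # Run one gate on a fresh allowance table; report remaining allowance or revert.
    table = {} if allowance is None else {(sender, user): allowance}
    try:
        return f"ok:{gate(table, sender, user, amount)}"
    except Revert:
        return "revert"


def run_cases():
    """Constructed cases; returns {name: (original outcome, proposed outcome)}."""
    owner, operator = "alice", "bob"  # constructed accounts
    cases = {
        "owner_moves_own_plot": (None, owner, owner, 40),
        "operator_within_allowance": (100, owner, operator, 40),
        "operator_over_allowance": (30, owner, operator, 40),
        "operator_unlimited": (UINT256_MAX, owner, operator, 40),
    }
    return {n: (outcome(original_gate, *a), outcome(proposed_gate, *a)) for n, a in cases.items()}
```

Note that under the recommended variant an owner moving their own plot needs an allowance to themselves, and an unlimited allowance is decremented on every transfer; both follow directly from the code above.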

Updates

Lead Judging Commences
inallhonesty, Lead Judge, 12 months ago

Submission Judgement Published
inallhonesty, Lead Judge, 11 months ago
Invalidated
Reason: Incorrect statement
Assigned finding tags:

Unauthorized Plot Transfer Due to Allowance Bypass
