Unauthorized Plot Transfer Due to Allowance Bypass in transferPlot
Summary
The transferPlot function in the MarketplaceFacet contract contains a logic error that could allow unauthorized transfers of Plots under specific conditions.
Vulnerability Details
The vulnerability exists in the following code snippet from the transferPlot function:
The if condition checks if the sender is not the LibTractor._user() and if the allowance is not unlimited. Only if both conditions are true, the function decrements the allowance. However, if the sender is the LibTractor._user(), the allowance check is bypassed, and the transfer proceeds without verifying if the sender has sufficient allowance.
Impact
This vulnerability could allow an attacker who is also the LibTractor._user() to transfer plots from other users without their authorization. This could lead to the theft of plots and significant financial losses for the affected users.
Tools Used
Manual code review
Solidity compiler
Recommendations
Remove the if condition and always check the allowance before executing the transfer, regardless of whether the sender is the LibTractor._user(). This will ensure that all plot transfers are authorized and prevent unauthorized transfers.
Here's the corrected code snippet:
Lead Judging Commences
Unauthorized Plot Transfer Due to Allowance Bypass
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.