The transferPlot function in the MarketplaceFacet contract contains a logic error that could allow unauthorized transfers of Plots under specific conditions.
The vulnerability exists in the following code snippet from the transferPlot function:
The if condition checks two things: that the sender is not LibTractor._user(), and that the allowance is not the unlimited sentinel. Only when both hold does the function decrement the allowance by the transferred amount. When the sender is LibTractor._user(), both the check and the decrement are skipped, so the transfer proceeds without verifying that any allowance exists.
This could allow an attacker who is also LibTractor._user() to transfer Plots from other users without their authorization, leading to the theft of Plots and significant financial losses for the affected users.
Tools used: manual code review, Solidity compiler.
Remove the sender check from the if condition so that the allowance is always verified before the transfer executes, regardless of whether the sender is LibTractor._user(). This ensures that every Plot transfer is authorized and prevents unauthorized transfers.
Here's the corrected code snippet:
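The following is an added, self-contained model of the allowance logic discussed in this finding, not Beanstalk's MarketplaceFacet code. Plots are reduced to a single pod count per (owner, plot id), and LibTractor._user(), which in Beanstalk resolves to the account a call acts as (msg.sender outside of a Tractor execution), is replaced by a hypothetical settable `actingUser` so a harness can choose who the call executes as. The contract name, the `setActingUser` and `mintPlot` helpers, and the `UNLIMITED` sentinel are assumptions made for the example; `transferPlotConditional` has the shape the finding describes and `transferPlotStrict` applies the recommended change by dropping only the `_user() != sender` clause while keeping the unlimited-allowance sentinel.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

/// @notice Added illustrative model of the allowance check in this finding.
/// It is NOT Beanstalk's MarketplaceFacet: a Plot is reduced to one pod count
/// per (owner, plot id), and `actingUser` is a hypothetical stand-in for
/// LibTractor._user() so a harness can pick which account a call acts as.
contract PlotAllowanceModel {
    // Sentinel meaning "approved for any amount" (assumption for this model).
    uint256 internal constant UNLIMITED = type(uint256).max;

    // owner => plot id => pods in the plot (a plot id has exactly one owner)
    mapping(address => mapping(uint256 => uint256)) public plots;
    // owner => operator => pods the operator may move on the owner's behalf
    mapping(address => mapping(address => uint256)) public podAllowance;

    // Assumption: the account a call acts as (LibTractor._user() in Beanstalk).
    address internal actingUser;

    constructor() {
        actingUser = msg.sender;
    }

    /// Harness helper (assumption): chooses the account `_user()` resolves to.
    function setActingUser(address user) external {
        actingUser = user;
    }

    function _user() internal view returns (address) {
        return actingUser;
    }

    /// Harness helper (assumption): gives `owner` a plot of `pods` pods at `id`.
    function mintPlot(address owner, uint256 id, uint256 pods) external {
        plots[owner][id] = pods;
    }

    /// The acting user approves `operator` to move up to `amount` of its pods.
    function approvePods(address operator, uint256 amount) external {
        podAllowance[_user()][operator] = amount;
    }

    /// Shape described in the finding: the allowance is consulted only when the
    /// acting user is not `sender`. When `_user() == sender` the whole check is
    /// skipped and the plot moves without any allowance being verified.
    function transferPlotConditional(address sender, address recipient, uint256 id) external {
        uint256 amount = _plotAmount(sender, id);
        if (_user() != sender && podAllowance[sender][_user()] != UNLIMITED) {
            _decrementAllowance(sender, _user(), amount);
        }
        _move(sender, recipient, id, amount);
    }

    /// Recommended mitigation as read here: drop the `_user() != sender` clause
    /// so the allowance is verified on every transfer. The unlimited sentinel is
    /// kept so an approval of type(uint256).max still means "never decrement".
    function transferPlotStrict(address sender, address recipient, uint256 id) external {
        uint256 amount = _plotAmount(sender, id);
        if (podAllowance[sender][_user()] != UNLIMITED) {
            _decrementAllowance(sender, _user(), amount);
        }
        _move(sender, recipient, id, amount);
    }

    // Reverts unless `sender` actually owns a non-empty plot at `id`.
    function _plotAmount(address sender, uint256 id) internal view returns (uint256 amount) {
        amount = plots[sender][id];
        require(amount > 0, "Field: Plot not owned by user.");
    }

    // Reverts if `operator` is not approved for at least `amount` of `owner`'s pods.
    function _decrementAllowance(address owner, address operator, uint256 amount) internal {
        uint256 current = podAllowance[owner][operator];
        require(current >= amount, "Field: Insufficient approval.");
        podAllowance[owner][operator] = current - amount;
    }

    // Moves the whole plot; deleting before assigning keeps self-transfers valid.
    function _move(address sender, address recipient, uint256 id, uint256 amount) internal {
        require(sender != address(0) && recipient != address(0), "Field: Transfer to/from 0 address.");
        delete plots[sender][id];
        plots[recipient][id] = amount;
    }
}
```

Walking through it with a harness: after `mintPlot(alice, 7, 100)` and `setActingUser(bob)` with no approval, `transferPlotConditional(alice, carol, 7)` reverts in `_decrementAllowance`, while `setActingUser(alice)` lets the same call succeed without `podAllowance` ever being read, which is the path this finding flags. In `transferPlotStrict` the allowance is consulted even when the acting user is alice, so alice must first call `approvePods(alice, 100)` or `approvePods(alice, type(uint256).max)` before moving her own plot; a harness exercising the strict variant should seed that self-approval, since without it every self-transfer reverts.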