Dria

Swan

NFTHardhat

21,000 USDC

View results

Previous Next

Submission Details

Severity: high

Invalid

Contract can `Recieve()` ether but, cannot send ether.

viquetoh

Summary:

The DatasetAccessRegistry contract has a function that can receive ether but has no withdraw() function causing a permanent lock of value.

Vulnerability Details:

import {OwnableUpgradeable} from "@openzeppelin/contracts-upgradeable/access/OwnableUpgradeable.sol";

import {UUPSUpgradeable} from "@openzeppelin/contracts/proxy/utils/UUPSUpgradeable.sol";

import {KnowledgeRegistry} from "../core/KnowledgeRegistry.sol";

import {DatasetAccessToken} from "../assets/DatasetAccessToken.sol";

/// @notice This registry stores the access keys for datasets.

contract DatasetAccessRegistry is UUPSUpgradeable, OwnableUpgradeable {

/// @dev Relation name.

bytes32 public constant RELATION_NAME = bytes32("Dataset");

event AccessRequest(address indexed user, uint256 indexed knowledgeId);

event AccessResponse(address indexed user, uint256 indexed knowledgeId);

mapping(address user => mapping(uint256 knowledge => bytes key)) public accessKeys;

constructor() {

_disableInitializers();

}

upgrade the contract.

function _authorizeUpgrade(address newImplementation) internal override onlyOwner {}

function initialize(KnowledgeRegistry knowledgeRegistry_) public initializer {

__Ownable_init(msg.sender);

knowledgeRegistry = knowledgeRegistry_;

}

the name "Dataset".

function requestAccess(address user) public {

DatasetAccessToken token = DatasetAccessToken(msg.sender);

// get knowledge id from the calling contract

uint256 knowledgeId = token.knowledgeId();

if (accessKeys[user][knowledgeId].length != 0) {

revert AccessKeyExists(user, knowledgeId);

}

if (!knowledgeRegistry.isRegistered(knowledgeId)) {

revert UnregisteredKnowledge(knowledgeId);

}

address relation = knowledgeRegistry.relations(knowledgeId, RELATION_NAME);

if (relation != msg.sender) {

revert UnknownRelation(msg.sender);

}

emit AccessRequest(user, knowledgeId);

}

function setAccessKey(bytes memory accessKey, uint256 knowledgeId, address knowledgeOwner) external onlyOwner {

accessKeys[knowledgeOwner][knowledgeId] = accessKey;

}

Impact:

Since there is no function allowing ether to be sent out, any ether sent to this function will be permanently locked and will be inaccessible.

Tools Used:

Manual review.

Recommendations

Add a withdraw() function that can let ether be withdrawn by an authorized party.

Updates

Lead Judging Commences

inallhonesty Lead Judge 12 months ago

Submission Judgement Published

Invalidated

Reason: Out of scope

Prize pool breakdown

Total prize

21,000 USDC

nSLOC

1,034

20 USDC / LOC

High Medium

20,000 USDC

Low

1,000 USDC

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.