Project
One World
NFTDeFi
15,000 USDC
View results
Previous Next
Submission Details
Severity: medium
Invalid

No Safeguard on sendProfit

hackz

Summary:

The sendProfit function in the MembershipERC1155 contract allows the contract owner to send profits without proper safeguards, potentially leading to unintended loss of funds or abuse of the function.

Finding Description:

The sendProfit function allows the contract with the OWP_FACTORY_ROLE to transfer a specified amount of profit to the contract itself and subsequently distribute it. However, it does not contain any restrictions or checks to ensure that the amount being sent is reasonable or within a set limit. If an attacker or malicious actor has control of the OWP_FACTORY_ROLE or is able to manipulate the transfer amount, they could drain funds from the contract or misappropriate large sums of money.

This breaks the security guarantee of fund integrity as the function does not check for sanity limits or conditions that could prevent abuse. The lack of safeguards makes it risky for the contract to accept arbitrary large transfers of funds.

Vulnerability Details:

  • Vulnerability Type: Inadequate validation in profit distribution

  • Affected Function: sendProfit(uint256 amount)

  • Risk: Malicious actors could transfer arbitrarily large sums to the contract, draining funds or redistributing profits in unintended ways.

Impact:

The lack of validation on the sendProfit function exposes the contract to the risk of malicious or accidental large fund transfers. Without checks in place, an attacker with access to the OWP_FACTORY_ROLE could transfer an unreasonably large amount of funds into the contract, which could be distributed to token holders, resulting in a loss or theft of funds. This significantly weakens the contract's financial integrity.

Proof of Concept:

  1. An attacker with OWP_FACTORY_ROLE could call sendProfit with a very large value for amount (e.g., 1e18 or more).

  2. If the total supply of tokens is low, the profit distribution could unfairly benefit token holders or drain funds entirely.

  3. This would lead to either a disproportionate distribution or an empty contract if misused.

Here’s an example of a malicious call:

// Attacker calls sendProfit with an abnormally large amount
attacker.sendProfit(1e18); // Could cause unexpected loss of funds

Recommendations:

To prevent this issue, we recommend introducing a sanity check to ensure that the amount is within a reasonable range before it is processed. A simple limit could be set to prevent excessively large transfers from being processed.

Here’s a code snippet to implement this fix:

/// @notice Distributes profits to token holders
/// @param amount The amount of currency to distribute
function sendProfit(uint256 amount) external {
uint256 _totalSupply = totalSupply;
// Add a safeguard to prevent sending unreasonably large amounts
uint256 maxAllowed = 1e12; // Set a maximum allowed profit distribution
require(amount <= maxAllowed, "Amount exceeds the maximum allowed");
if (_totalSupply > 0) {
totalProfit += (amount * ACCURACY) / _totalSupply;
IERC20(currency).safeTransferFrom(msg.sender, address(this), amount);
emit Profit(amount);
} else {
IERC20(currency).safeTransferFrom(msg.sender, creator, amount); // Redirect profit to creator if no supply
}
}

This ensures that the amount passed to the sendProfit function does not exceed a reasonable threshold, preventing the contract from being abused.

File Location:

MembershipERC1155.sol

Updates

Lead Judging Commences

0xbrivan2 Lead Judge 7 months ago
Submission Judgement Published
Invalidated
Reason: Lack of quality

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.