Skip to content
This repository has been archived by the owner on Jan 12, 2025. It is now read-only.

slowfi - Improper Access Control on _requireOnlyOperatorOrOwnerOf function #552

Closed
sherlock-admin4 opened this issue Jul 15, 2024 · 0 comments
Closed

slowfi - Improper Access Control on _requireOnlyOperatorOrOwnerOf function #552

sherlock-admin4 opened this issue Jul 15, 2024 · 0 comments
Labels
Duplicate A valid issue that is a duplicate of an issue with `Has Duplicates` label Medium A Medium severity issue. Reward A payout will be made for this issue

Comments

@sherlock-admin4
Copy link

sherlock-admin4 commented Jul 15, 2024
edited
Loading

slowfi

High

Improper Access Control on _requireOnlyOperatorOrOwnerOf function

Summary

The permission function _requireOnlyOperatorOrOwnerOf on the MlumStaking contract returns always true failing to verify if the msg.sender is authorized for performing operations with the NFT.

Vulnerability Detail

The contract uses the function _isAuthorized incorrectly. The function should use as first parameter the owner, then the spender in order to verify. However the MlumStaking contract sends the msg.sender two times, making the function always return true.

Impact

Improper access control on NFT usage on the MlumStaking contract.

Code Snippet

MlumStaking.sol#L140-L143

  function _requireOnlyOperatorOrOwnerOf(uint256 tokenId) internal view {
      // isApprovedOrOwner: caller has no rights on token
      require(ERC721Upgradeable._isAuthorized(msg.sender, msg.sender, tokenId), "FORBIDDEN");
  }

ERC721Upgradeable contract _isAuthorized function

 function _isAuthorized(address owner, address spender, uint256 tokenId) internal view virtual returns (bool) {
      return
          spender != address(0) &&
          (owner == spender || isApprovedForAll(owner, spender) || _getApproved(tokenId) == spender);
  }

Tool used

Manual Review

Recommendation

Send the adequate parameters to the function to avoid malicious access controls.

Duplicate of #378
@github-actions github-actions bot added duplicate Medium A Medium severity issue. labels Jul 21, 2024
@sherlock-admin2 sherlock-admin2 added the Duplicate A valid issue that is a duplicate of an issue with `Has Duplicates` label label Jul 22, 2024
@sherlock-admin4 sherlock-admin4 changed the title Sneaky Neon Mole - Improper Access Control on _requireOnlyOperatorOrOwnerOf function slowfi - Improper Access Control on _requireOnlyOperatorOrOwnerOf function Jul 29, 2024
@sherlock-admin4 sherlock-admin4 added the Reward A payout will be made for this issue label Jul 29, 2024
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
Duplicate A valid issue that is a duplicate of an issue with `Has Duplicates` label Medium A Medium severity issue. Reward A payout will be made for this issue
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@sherlock-admin2 @sherlock-admin4