Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

FeeSplitter: totalWeights can be set to 0 by onlyOwner #43

Open
code423n4 opened this issue Nov 14, 2021 · 0 comments
Open

FeeSplitter: totalWeights can be set to 0 by onlyOwner #43

code423n4 opened this issue Nov 14, 2021 · 0 comments
Assignees
@maximebrugel
Labels
1 (Low Risk) Assets are not at risk. State handling, function incorrect as to spec, issues with comments bug Something isn't working sponsor confirmed Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity")

Comments

@code423n4
Copy link
Contributor

Handle

GiveMeTestEther

Vulnerability details

Impact

The storage variable totalWeights can be set 0 by onlyOwner and therefore we would have a division by zero in the function "_computeShareCount"
https://github.com/code-423n4/2021-11-nested/blob/5d113967cdf7c9ee29802e1ecb176c656386fe9b/contracts/FeeSplitter.sol#L268

Proof of Concept

-Assumption we have one shareholder with weight S1 > 0 and royaltiesWeight > 0.
-With the function updateShareholder the onlyOwner sets the S1 of our shareholder to 0.
- updateShareholder: https://github.com/code-423n4/2021-11-nested/blob/5d113967cdf7c9ee29802e1ecb176c656386fe9b/contracts/FeeSplitter.sol#L166
- require(_totalWeights > 0, "FeeSplitter: TOTAL_WEIGHTS_ZERO") condition is met because _totalWeights is the sum of all shareholder weights + royaltiesWeight, and royaltiesWeight is > 0

Tools Used

Manual Analysis

Recommended Mitigation Steps

At the end of the function setRoyaltiesWeight check for 0 weight with a require: require(totalWeights > 0, "FeeSplitter: TOTAL_WEIGHTS_ZERO");
https://github.com/code-423n4/2021-11-nested/blob/5d113967cdf7c9ee29802e1ecb176c656386fe9b/contracts/FeeSplitter.sol#L94
@code423n4 code423n4 added 0 (Non-critical) Code style, clarity, syntax, versioning, off-chain monitoring (events etc), exclude gas optimisation bug Something isn't working labels Nov 14, 2021
code423n4 added a commit that referenced this issue Nov 14, 2021
@code423n4
GiveMeTestEther issue #43
19dbdaf
@adrien-supizet adrien-supizet added the sponsor confirmed Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity") label Nov 18, 2021
@adrien-supizet adrien-supizet mentioned this issue Nov 22, 2021
Closed
@maximebrugel maximebrugel mentioned this issue Dec 2, 2021
Closed
@maximebrugel maximebrugel self-assigned this Dec 2, 2021
@adrien-supizet adrien-supizet mentioned this issue Dec 2, 2021
Merged
@alcueca alcueca added 1 (Low Risk) Assets are not at risk. State handling, function incorrect as to spec, issues with comments and removed 0 (Non-critical) Code style, clarity, syntax, versioning, off-chain monitoring (events etc), exclude gas optimisation labels Dec 3, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@maximebrugel maximebrugel

Labels
1 (Low Risk) Assets are not at risk. State handling, function incorrect as to spec, issues with comments bug Something isn't working sponsor confirmed Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity")
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@maximebrugel @adrien-supizet @alcueca @code423n4