anyone can change the global data uniswapfactory contracts #309
Labels
2 (Med Risk)
Assets not at direct risk, but function/availability of the protocol could be impacted or leak value
bug
Something isn't working
edited-by-warden
insufficient quality report
This report is not of sufficient quality
🤖_56_group
AI based duplicate group recommendation
Lines of code
https://github.com/code-423n4/2024-05-predy/blob/a9246db5f874a91fb71c296aac6a66902289306a/src/libraries/logic/AddPairLogic.sol#L44
Vulnerability details
Proof of Concept
The
initializeGlobalData
function is marked as external, meaning it can be called from outside the contract. This design choice allows external contracts or accounts to invoke this function. The purpose ofinitializeGlobalData
is to initialize global data, which includes setting theuniswapFactory
address. Global data often contains critical information that governs the behavior and interactions of the entire system.Despite the importance of the
uniswapFactory
address and the sensitivity of global data, there are no access control mechanisms implemented within theinitializeGlobalData
function. This means that any external entity with knowledge of theAddPairLogic
contract address and access to theGlobalDataLibrary.GlobalData
struct can potentially invoke this function and modify theuniswapFactory
address.An attacker could exploit this vulnerability by deploying a malicious contract or by gaining control of an existing contract within the system. Once control is established, the attacker could call
initializeGlobalData
with a maliciousuniswapFactory
address, thereby compromising the integrity and functionality of the system. For example, the attacker could substitute a legitimate Uniswap factory address with a malicious one, leading to unintended interactions with malicious contracts or loss of funds.Impact
Since the
uniswapFactory
address is utilized in functions likeaddPair
for verifying the validity of Uniswap pools, unauthorized modification of this address could result in the addition of invalid or malicious token pairs. This could lead to unforeseen interactions with counterfeit Uniswap pools, potentially causing disruptions in trading activities, loss of funds, or even manipulation of asset prices within the system. Consequently, the integrity and reliability of the entire token pair addition process would be compromised, posing significant risks to users and the stability of the platform.Tools Used
Manual
Recommended Mitigation Steps
Implement access control mechanisms to restrict the invocation of the
initializeGlobalData
function to only trusted contracts,addresses or make initializeGlobalData can be called by only once when initialize the contracts .Assessed type
Access Control
The text was updated successfully, but these errors were encountered: