
Malicious homeowners can rug #31

Closed
c4-bot-10 opened this issue Oct 11, 2024 · 2 comments
Labels
3 (High Risk) Assets can be stolen/lost/compromised directly bug Something isn't working duplicate-2 🤖_primary AI based primary recommendation satisfactory satisfies C4 submission criteria; eligible for awards sponsor disputed Sponsor cannot duplicate the issue, or otherwise disagrees this is an issue

Comments

@c4-bot-10 (Contributor)

Lines of code

https://github.com/code-423n4/2024-10-coded-estate/blob/main/contracts/codedestate/src/execute.rs#L523-L541

Vulnerability details

Description

Homeowners can trigger burn() (CW_721) from the execute.rs file.
They can pass the token_id and burn it without any check on whether the homeowner has an ongoing rent or any reservations.

```rust
    fn burn(
        &self,
        deps: DepsMut,
        env: Env,
        info: MessageInfo,
        token_id: String,
    ) -> Result<Response<C>, ContractError> {
        let token = self.tokens.load(deps.storage, &token_id)?;
        self.check_can_send(deps.as_ref(), &env, &info, &token)?;

        self.tokens.remove(deps.storage, &token_id)?;
        self.decrement_tokens(deps.storage)?;
```

So, a malicious homeowner can rug his customers by triggering execute.rs#burn() at any time, which will lead to travelers with approved/non-approved rent losing their deposit.

Impact

  • Malicious homeowners can rug
  • Travelers with approved/non-approved rent will lose their funds
  • The current tenant can't finish his paid period

Tools Used

Manual Review

Recommended Mitigation Steps

Call check_can_edit_long() or check_can_edit_short() (currently they are the same thing) to check that the rentals list is empty, i.e. there is no active rent/reservation.

File: execute.rs#burn()

```diff
    fn burn(
        &self,
        deps: DepsMut,
        env: Env,
        info: MessageInfo,
        token_id: String,
    ) -> Result<Response<C>, ContractError> {
        let token = self.tokens.load(deps.storage, &token_id)?;
        self.check_can_send(deps.as_ref(), &env, &info, &token)?;
+       self.check_can_edit_short(&env, &token)?;
```

Assessed type

Rug-Pull
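The guard the mitigation describes, as an added illustration that is not code from the coded-estate contracts: a cut-down model of the token store with the rental list attached to each token, where burn() is refused while any rental or reservation (approved or still pending) has not yet ended. The `Rental`, `Token`, `Contract` and `check_can_edit` names, the plain `u64` timestamp standing in for `env.block.time`, and the `HashMap` standing in for the CosmWasm `Map` are all assumptions of this example.

```rust
use std::collections::HashMap;

// Constructed stand-in types; the real contract uses CosmWasm's Env/DepsMut and cw721 storage.
#[derive(Debug, Clone)]
pub struct Rental {
    pub renter: String,
    pub deposit: u128,
    pub approved: bool, // approved by the homeowner, or still a pending reservation: both block burn
    pub end_time: u64,  // unix seconds
}

#[derive(Debug, Clone)]
pub struct Token {
    pub owner: String,
    pub rentals: Vec<Rental>,
}

#[derive(Debug, PartialEq)]
pub enum ContractError {
    Unauthorized,
    NotFound,
    RentalActive { renter: String },
}

pub struct Contract {
    pub tokens: HashMap<String, Token>,
}

impl Contract {
    /// Hypothetical equivalent of check_can_edit_short(): refuse any edit (burn included)
    /// while a rental or reservation attached to the token has not yet ended.
    pub fn check_can_edit(&self, now: u64, token: &Token) -> Result<(), ContractError> {
        if let Some(r) = token.rentals.iter().find(|r| r.end_time > now) {
            return Err(ContractError::RentalActive { renter: r.renter.clone() });
        }
        Ok(())
    }

    /// burn() with the mitigation applied: ownership check first (as check_can_send does),
    /// then the rental guard, and only then removal of the token.
    pub fn burn(&mut self, now: u64, sender: &str, token_id: &str) -> Result<(), ContractError> {
        let token = self.tokens.get(token_id).ok_or(ContractError::NotFound)?;
        if token.owner != sender {
            return Err(ContractError::Unauthorized);
        }
        self.check_can_edit(now, token)?; // the added guard from the recommended mitigation
        self.tokens.remove(token_id);
        Ok(())
    }
}
```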

@c4-bot-10 c4-bot-10 added 3 (High Risk) Assets can be stolen/lost/compromised directly bug Something isn't working labels Oct 11, 2024
c4-bot-9 added a commit that referenced this issue Oct 11, 2024
@c4-bot-13 c4-bot-13 added the 🤖_primary AI based primary recommendation label Oct 11, 2024
@c4-judge (Contributor)

OpenCoreCH marked the issue as duplicate of #2

@c4-judge (Contributor)

OpenCoreCH marked the issue as satisfactory

@c4-judge c4-judge added the satisfactory satisfies C4 submission criteria; eligible for awards label Oct 15, 2024
@blockchainstar12 blockchainstar12 added the sponsor disputed Sponsor cannot duplicate the issue, or otherwise disagrees this is an issue label Oct 15, 2024