Skip to content

Latest commit

 

History

History
33 lines (19 loc) · 1.26 KB

049.md

File metadata and controls

33 lines (19 loc) · 1.26 KB
Raw

Sparkly Fleece Mammoth

High

abitrary/large data can be passed into function getSupplyCollateralCalldata

Summary

The type and size of data required for function getSupplyCollateralCalldata was not specified. As it is an external function, malicious actors can try pass, malicious data such an attack contract byte data to break or re-enter the code. Large, meaningless data can also be passed by malicous actors, overloading the system, incuring gas cost and causing griefing attacks or DOS

https://github.com/sherlock-audit/2024-10-morpho-x-index/blob/main/index-protocol/contracts/protocol/integration/lib/Morpho.sol#L40

Attack Path

  1. attacker writes a malicious contract with the plan to take over ISetToken contract .
  2. attacker passes the bytecode of the contract to function getSupplyCollateralCalldata which calls back into function invokeSupplyCollateral which at the end of this function IsetToken is invoked https://github.com/sherlock-audit/2024-10-morpho-x-index/blob/main/index-protocol/contracts/protocol/integration/lib/Morpho.sol#L74

Impact

No response

PoC

No response

Mitigation

  1. specify the type/ size if data, if possible
  2. Use a re-entrant modifier from tested contracts like openzeppelin contracts