Incorrect event parameters in transferFrom function #36
Labels
1 (Low Risk)
bug
Something isn't working
disagree with severity
duplicate
This issue or pull request already exists
Comments
|
Duplicate #55, dispute the categorization. This should be Low Risk. |
jeffywu
added
disagree with severity
duplicate
|
External services might be affected but it's not clear how significant it would be. Most of the time events are not critical. Making this low risk. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Handle
JMukesh
Vulnerability details
Impact
different parameter are being set in Approval event in transferFrom()
function transferFrom(
address from,
address to,
uint256 amount
) external override returns (bool) {
(bool success, uint256 newAllowance) =
proxy.nTokenTransferFrom(currencyId, msg.sender, from, to, amount);
// here first parameter should be owner and second should be spender
// as mentioned in ntokenErc20.sol that is :
// event Approval(address indexed owner, // address indexed spender, uint256 amount);
This error may negatively impact
off-chain tools that are monitoring critical transfer events of the token.
Proof of Concept
https://github.com/code-423n4/2021-08-notional/blob/4b51b0de2b448e4d36809781c097c7bc373312e9/contracts/external/adapters/nTokenERC20Proxy.sol#L100
Tools Used
manual review
Recommended Mitigation Step
The text was updated successfully, but these errors were encountered: