Description
Incorrect Deal event data on bid interface
Author
catding
Scope
Smart Contract
Status
EligibleResolvedReward Distributed
Risk Score
1.25
Risk Severity
Low
Reward Amount
39,600
Reported Date
June 21, 2022
Bugfix Commits
Categories
Transaction of Reward Distribution
Details
Summary
Bidding a defaulted pixel emits Deal event with incorrect from parameter.
Context
Deal event is emitted in bid with parameter from (the original owner of a pixel).
When bid a new pixel that just been defaulted, the from is the previous owner, not zero address.
Form an Attack
N/A
Affected Assets
- contracts/src/TheSpace/TheSpace.sol (commit: 554558a)
Risk Score
Likelihood
Factors | Score | Reason |
Threat Agent Factors | ||
Skill Level | 1 | N/A |
Motive | 1 | N/A |
Opportunity | 1 | N/A |
Size | 1 | N/A |
Vulnerability Factors | ||
Ease of Exploit | 1 | N/A |
Awareness | 1 | N/A |
Impact
Factors | Score | Reason |
Technical Impact Factors | ||
Loss of Integrity | 2 | impact on Deal event |
Loss of Availability | 1 | N/A |
Loss of Accountability | 1 | N/A |
Business Impact Factors | ||
Financial Damage | 1 | N/A |
Overall Likelihood: 1
Overall Impact: 1.25
Over Risk Score = Impact * Likelihood = 1.25