diff --git a/README.md b/README.md index 43abc62a..d8d37eef 100644 --- a/README.md +++ b/README.md 
@@ -70,7 +70,10 @@ Visit [Scout's website](https://coinfabrik.github.io/scout/) to view the full do | [iterators-over-indexing](https://github.com/CoinFabrik/scout/tree/main/detectors/avoid-format!-string) | [Iterating with hardcoded indexes is slower than using an iterator. Also, if the index is out of bounds, it will panic.](https://coinfabrik.github.io/scout/docs/vulnerabilities/iterators-over-indexing) | [1](https://github.com/CoinFabrik/scout/tree/main/test-cases/iterators-over-indexing/iterators-over-indexing-1) | Enhacement | | [ink-version](https://github.com/CoinFabrik/scout/tree/main/detectors/ink-version) | [Using a pinned version of ink! can be dangerous, as it may have bugs or security issues. Use the latest version available.](https://coinfabrik.github.io/scout/docs/vulnerabilities/ink-version) | [1](https://github.com/CoinFabrik/scout/tree/main/test-cases/ink-version/ink-version-1) | Enhacement | | [unprotected-set-code-hash](https://github.com/CoinFabrik/scout/tree/main/detectors/set-code-hash) | [If users are allowed to call terminate_contract, they can intentionally modify the contract behaviour.](https://coinfabrik.github.io/scout/docs/vulnerabilities/unprotected-set-code-hash) | [1](https://github.com/CoinFabrik/scout/tree/main/test-cases/set-code-hash/set-code-hash-1) | Critical | -| [unprotected-mapping-operation](https://github.com/CoinFabrik/scout/tree/main/detectors/unprotected-mapping-operation) | [Modifying mappings with an arbitrary key given by the user could lead to unintented modifications of critical data, modifying data belonging to other users, causing denial of service, unathorized access, and other potential issues.](https://coinfabrik.github.io/scout/docs/vulnerabilities/unprotected-mapping-operation) | [1](https://github.com/CoinFabrik/scout/tree/main/test-cases/unprotected-mapping-operation/unprotected-mapping-operation1) | Critical | +| 
[unprotected-mapping-operation](https://github.com/CoinFabrik/scout/tree/main/detectors/unprotected-mapping-operation) | [Modifying mappings with an arbitrary key given by the user could lead to unintented modifications of critical data, modifying data belonging to other users, causing denial of service, unathorized access, and other potential issues.](https://coinfabrik.github.io/scout/docs/vulnerabilities/unprotected-mapping-operation) | [1](https://github.com/CoinFabrik/scout/tree/main/test-cases/unprotected-mapping-operation/unprotected-mapping-operation-1) | Critical | +| [lazy-delegate](https://github.com/CoinFabrik/scout/tree/main/detectors/lazy-delegate) | [Delegated calls in ink! need lazy storage.](https://coinfabrik.github.io/scout/docs/vulnerabilities/lazy-delegate) | [1](https://github.com/CoinFabrik/scout/tree/main/test-cases/lazy-delegate/lazy-delegate-1) | Critical | + + ## Tests To validate our tool, we provide a set of code examples located in the [test-cases](https://github.com/CoinFabrik/scout/tree/main/test-cases) folder. diff --git a/docs/docs/vulnerabilities/23-lazy-delegate.md b/docs/docs/vulnerabilities/23-lazy-delegate.md index 2a7ef6e6..55e96772 100644 --- a/docs/docs/vulnerabilities/23-lazy-delegate.md +++ b/docs/docs/vulnerabilities/23-lazy-delegate.md @@ -2,9 +2,10 @@ ## Description -- Vulnerability Severity: `High` +- Vulnerability Category: `Known Bugs` +- Vulnerability Severity: `Critical` - Detectors: [`lazy-delegate`](https://github.com/CoinFabrik/scout/tree/main/detectors/lazy-delegate) -- Test Cases: [`lazy-delegate`](https://github.com/CoinFabrik/scout/tree/main/test-cases/lazy-delegate/) +- Test Cases: [`lazy-delegate-1`](https://github.com/CoinFabrik/scout/tree/main/test-cases/lazy-delegate/lazy-delegate-1) ink! has a bug that makes delegated calls not modify the storage of the caller, unless it's using `Lazy` with `ManualKey` or `Mapping`. 
diff --git a/docs/docs/vulnerabilities/README.md b/docs/docs/vulnerabilities/README.md index 09097cb4..017f7dc0 100644 --- a/docs/docs/vulnerabilities/README.md +++ b/docs/docs/vulnerabilities/README.md @@ -37,6 +37,7 @@ The team discusses the creation of the list in this | Centralization | Analysis of centralization and single points of failure. | | Denial of Service | Denial of service. attacks. | | Gas Usage | Performance issues, enhancements and vulnerabilities related to use of gas. | +| Known Bugs | Known issues that remain unresolved. | | MEV | Patterns that could lead to the exploitation of Maximal Extractable Value. | | Privacy | Patterns revealing sensible user or state data. | | Reentrancy | Consistency of contract state under recursive calls. | @@ -336,3 +337,12 @@ This vulnerability falls under the [Validations and error handling](#vulnerabili and has a Critical severity. Check the following [documentation](22-unprotected-mapping-operation.md) for a more detailed explanation of this vulnerability class. + +### 23 - Lazy storage on delegate + +A bug in ink! causes delegated calls to not modify the caller's storage unless Lazy with ManualKey or Mapping is used. + +This vulnerability falls under the [Known Bugs](#vulnerability-categories) category +and has a Critical severity. + +Check the following [documentation](23-lazy-delegate.md) for a more detailed explanation of this vulnerability class.
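Review bot: in the README.md hunk, the new `lazy-delegate` row describes the issue only as "Delegated calls in ink! need lazy storage.", which does not tell a reader what goes wrong without it. Consider reusing the wording from 23-lazy-delegate.md, that delegated calls do not modify the caller's storage unless `Lazy` with `ManualKey` or `Mapping` is used. The `unprotected-mapping-operation` row is being rewritten anyway to fix the test-case link, so "unintented" and "unathorized" could be corrected to "unintended" and "unauthorized" in the same change. The hunk also adds two blank lines before `## Tests` where one is enough.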
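Review bot: in the docs/docs/vulnerabilities/23-lazy-delegate.md hunk, the added `Vulnerability Category: Known Bugs` line classifies this as an unresolved upstream bug, but the description that follows ("ink! has a bug that makes delegated calls not modify the storage of the caller") names neither the affected ink! versions nor an upstream issue. Adding both would let readers tell when the detector stops applying. The severity also moves from `High` to `Critical` with no rationale in the visible text; a short sentence on impact in the description would justify the change and keep it aligned with the `Critical` rating used in the README.md table and in section 23 of vulnerabilities/README.md.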
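Review bot: in the first docs/docs/vulnerabilities/README.md hunk (the categories table), the new row "Known Bugs | Known issues that remain unresolved." does not say where the issues are unresolved, so it reads as if it could mean bugs in Scout itself. Suggest scoping it, for example to known unresolved bugs in ink! that affect contract behaviour, which matches how section 23 uses the category. The neighbouring context rows also carry "Denial of service. attacks." with a stray full stop and "sensible user or state data" where "sensitive" is meant; these are outside the change but cheap to fix while the table is open.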
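Review bot: in the second docs/docs/vulnerabilities/README.md hunk (new section "23 - Lazy storage on delegate"), the sentence "unless Lazy with ManualKey or Mapping is used" leaves the type names unformatted, whereas 23-lazy-delegate.md writes `Lazy`, `ManualKey` and `Mapping` in backticks. Suggest matching that formatting so the identifiers are recognisable as ink! types. The heading also differs from the detector name `lazy-delegate` used everywhere else in this patch; mentioning the detector name in the section body would make it easier to search for.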