Bug: Diamond contract CEI violation drains MOR on failed session open
Impact
When session open fails on-chain, MOR tokens are drained from the user's wallet even though the session is not opened. This is a Diamond contract bug on Base mainnet.
Affected wallet: 0x845103754C0FF91fdFBEF2B8d59b54185DC79499
MOR lost: 48.42 (48.42 MOR transferred to Diamond, session not opened)
On-Chain Evidence
TX that failed but drained tokens:
0x9b16af7850b73cfe4b228290b68fb477d6457764e3cdfff60f45c3fd55694d20
Function called: 0xa85a1782(address wallet, uint256 amount, uint256)
Parameters: wallet=0x845103754C0FF91fdFBEF2B8d59b54185DC79499, amount=48422474629085792509 (48.42 MOR)
The transaction status is FAILED on-chain, but the MOR tokens were already transferred via ERC20 transferFrom before the validation failed. The tokens remain in the Diamond contract.
Root Cause
The Diamond contract's session open flow transfers MOR tokens (via ERC20 transferFrom) before validating that the user has sufficient balance for the full session cost. This is a Checks-Effects-Interactions (CEI) violation. When the validation fails, the transaction reverts but the ERC20 transfer has already completed.
Workaround
None available at the skill level. The contract needs to be fixed upstream.
Severity
CRITICAL — users can permanently lose MOR by attempting to open sessions, even when the session fails.
Tags
contract-bug, diamond, cei-violation, mor-loss, base-mainnet
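A check a responder can run on receipts like the one cited above, as an added example that is not part of the original report or the project's code: it reads the receipt status and sums the ERC20 Transfer logs from the wallet to the Diamond. The Diamond and MOR token addresses are placeholders (the report does not give them), and both receipts are constructed samples.

```python
# Added triage example; the receipts below are constructed, not fetched from Base.
# keccak256("Transfer(address,address,uint256)"), the standard ERC20 event topic
TRANSFER_TOPIC = "0xddf252ad1be2c89b69c2b068fc378daa952ba7f163c4a11628f55a4df523b3ef"

WALLET = "0x845103754C0FF91fdFBEF2B8d59b54185DC79499"  # from the report
AMOUNT = 48422474629085792509                           # from the report, 18 decimals
DIAMOND = "0x" + "d1" * 20  # placeholder: Diamond address is not in the report
MOR = "0x" + "a0" * 20      # placeholder: MOR token address is not in the report


def topic_addr(topic):
    """Indexed address topics are 32 bytes; the address is the low 20 bytes."""
    return "0x" + topic[-40:].lower()


def moved(receipt, token, sender, recipient):
    """Sum ERC20 Transfer amounts sender -> recipient emitted by token in one receipt."""
    total = 0
    for log in receipt.get("logs", []):
        topics = log["topics"]
        if (log["address"].lower() == token.lower()
                and len(topics) == 3  # ERC20 Transfer indexes from and to only
                and topics[0].lower() == TRANSFER_TOPIC
                and topic_addr(topics[1]) == sender.lower()
                and topic_addr(topics[2]) == recipient.lower()):
            total += int(log["data"], 16)
    return total


def triage(receipt, token, sender, recipient):
    """Return (succeeded, amount_moved) for one transaction receipt."""
    return int(receipt["status"], 16) == 1, moved(receipt, token, sender, recipient)


def pad(addr):
    """Left-pad an address to a 32-byte topic."""
    return "0x" + addr[2:].lower().rjust(64, "0")


# Constructed receipt: a successful call that pulled AMOUNT from WALLET into DIAMOND.
OK_RECEIPT = {"status": "0x1", "logs": [
    {"address": MOR, "topics": [TRANSFER_TOPIC, pad(WALLET), pad(DIAMOND)],
     "data": "0x" + format(AMOUNT, "064x")},
    # Transfer in the opposite direction; must not be counted for WALLET -> DIAMOND.
    {"address": MOR, "topics": [TRANSFER_TOPIC, pad(DIAMOND), pad(WALLET)],
     "data": "0x" + format(1, "064x")},
]}
# Constructed receipt: a reverted call. A receipt with status 0x0 carries no logs.
FAILED_RECEIPT = {"status": "0x0", "logs": []}
```

Because a receipt with status 0x0 carries no logs, running the same check over the wallet's neighbouring successful transactions shows which one emitted the Transfer for the 48.42 MOR.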