code-423n4 / 2021-09-sushimiso-findings


excessive eth is not transferred back to the deployer if msg.value is greater than minimum fees #86

Open code423n4 opened 3 years ago

code423n4 commented 3 years ago

Handle

JMukesh

Vulnerability details

Impact

excessive eth is not transferred back to the deployer if msg.value is greater than minimum fees in MISOMarket.sol, MISOTokenFactory.sol, MISOLauncher.sol, MISOFarmFactory.sol

Proof of Concept

https://github.com/sushiswap/miso/blob/2cdb1486a55ded55c81898b7be8811cb68cfda9e/contracts/MISOLauncher.sol#L220

https://github.com/sushiswap/miso/blob/2cdb1486a55ded55c81898b7be8811cb68cfda9e/contracts/MISOFarmFactory.sol#L216

https://github.com/sushiswap/miso/blob/2cdb1486a55ded55c81898b7be8811cb68cfda9e/contracts/MISOMarket.sol#L224

https://github.com/sushiswap/miso/blob/2cdb1486a55ded55c81898b7be8811cb68cfda9e/contracts/MISOTokenFactory.sol#L214

Tools Used

manual review

Recommended Mitigation Steps

add a step to return excessive eth back to deployer
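An illustrative Solidity sketch of the fee-handling pattern the report describes, beside a variant that refunds the excess (added example, not MISO's code; the contract names, `minimumFee`, `feeRecipient` and `deploy()` are assumptions).

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

/// Illustrative factory (not MISO code) charging a minimum ETH fee per deployment.
contract FeeFactoryUnchecked {
    uint256 public immutable minimumFee;
    address payable public immutable feeRecipient;

    constructor(uint256 _minimumFee, address payable _feeRecipient) {
        minimumFee = _minimumFee;
        feeRecipient = _feeRecipient;
    }

    /// Pattern from the finding: only the lower bound is checked and the whole
    /// msg.value is forwarded, so anything above minimumFee stays with the fee
    /// recipient instead of going back to the caller.
    function deploy() external payable {
        require(msg.value >= minimumFee, "fee below minimum");
        feeRecipient.transfer(msg.value);
        // ... deployment logic ...
    }
}

/// Mitigated variant: forward exactly minimumFee and return the remainder.
contract FeeFactoryRefund {
    uint256 public immutable minimumFee;
    address payable public immutable feeRecipient;

    constructor(uint256 _minimumFee, address payable _feeRecipient) {
        minimumFee = _minimumFee;
        feeRecipient = _feeRecipient;
    }

    function deploy() external payable {
        require(msg.value >= minimumFee, "fee below minimum");
        // ... deployment logic and all state updates first (checks-effects-interactions) ...

        uint256 excess = msg.value - minimumFee; // cannot underflow after the require
        (bool feeOk, ) = feeRecipient.call{value: minimumFee}("");
        require(feeOk, "fee transfer failed");

        // Refund any overpayment to the caller; a failed refund reverts the whole call.
        if (excess > 0) {
            (bool refundOk, ) = payable(msg.sender).call{value: excess}("");
            require(refundOk, "refund failed");
        }
    }
}
```

An alternative is `require(msg.value == minimumFee)`, which rejects overpayment outright instead of refunding it.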

Clearwood commented 3 years ago

This does not pose an additional risk.

ghoul-sol commented 3 years ago

If used correctly, no exploit is possible. This is best practice recommendation. Non-critical.