Closed code423n4 closed 2 years ago

Lines of code
https://github.com/code-423n4/2022-05-cally/blob/main/contracts/src/Cally.sol#L224

Vulnerability details

Impact
If a user sends more ETH than the premium requires, the contract accepts it and does not refund the excess, so the user loses the overpaid ETH by accident.

Proof of Concept
The buyOption function in Cally.sol only checks a lower bound on msg.value:

    require(msg.value >= premium, "Incorrect ETH amount sent");

Tools Used
vim

Recommended Mitigation Steps
Use == rather than >=, so that an overpaying transaction reverts instead of silently keeping the excess:

    require(msg.value == premium, "Incorrect ETH amount sent");

reference issue: https://github.com/code-423n4/2022-05-cally-findings/issues/84
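The following contract is an added illustration and is not Cally's code: PremiumSaleExample, its premium/seller/ethBalance storage and the three buy functions are hypothetical. It puts the loose check from the finding next to the exact-match fix recommended above and next to a second mitigation, refunding the excess, with a view function that measures the ETH left stranded by the loose version.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.13;

// Hypothetical minimal seller contract (not Cally.sol). It isolates the
// msg.value check the finding is about so the three variants can be compared.
contract PremiumSaleExample {
    // Premium owed per purchase, fixed at deployment (hypothetical storage).
    uint256 public immutable premium;
    address public immutable seller;
    // Seller's withdrawable balance (pull payment, so no ETH is pushed here).
    mapping(address => uint256) public ethBalance;

    constructor(uint256 premium_) {
        premium = premium_;
        seller = msg.sender;
    }

    // Vulnerable pattern from the finding: any overpayment is accepted.
    // Only `premium` is credited to the seller; msg.value - premium stays
    // in the contract and no code path ever returns it to the buyer.
    function buyLoose() external payable {
        require(msg.value >= premium, "Incorrect ETH amount sent");
        ethBalance[seller] += premium;
    }

    // Mitigation 1 (the finding's recommendation): demand an exact match.
    // An overpaying transaction reverts and the buyer keeps their ETH.
    function buyExact() external payable {
        require(msg.value == premium, "Incorrect ETH amount sent");
        ethBalance[seller] += premium;
    }

    // Mitigation 2: accept overpayment but return the excess. Accounting is
    // updated before the external call so a reentering buyer sees the
    // credited state, and a failed refund reverts the whole purchase.
    function buyAndRefund() external payable {
        require(msg.value >= premium, "Incorrect ETH amount sent");
        ethBalance[seller] += premium;
        uint256 excess = msg.value - premium;
        if (excess > 0) {
            (bool ok, ) = payable(msg.sender).call{value: excess}("");
            require(ok, "Refund failed");
        }
    }

    // Seller pulls what has been credited to them.
    function withdraw() external {
        uint256 amount = ethBalance[msg.sender];
        ethBalance[msg.sender] = 0;
        (bool ok, ) = payable(msg.sender).call{value: amount}("");
        require(ok, "Withdraw failed");
    }

    // ETH held by the contract that nobody is entitled to withdraw. Only the
    // seller is ever credited, so any nonzero value here is exactly the
    // overpayment stranded by buyLoose(); buyExact() and buyAndRefund()
    // keep it at zero.
    function strandedEth() external view returns (uint256) {
        return address(this).balance - ethBalance[seller];
    }
}
```

To reproduce the finding against this contract, deploy it with some premium, call buyLoose() with msg.value of premium plus 1 wei, and read strandedEth(): it returns 1 and there is no function that can ever pay that wei out. The same call through buyExact() reverts, and through buyAndRefund() leaves strandedEth() at 0. The exact-match check is the simpler fix; the refund variant is the one to reach for only when the exact amount cannot be known client-side in advance, and it must be written with the state update before the external call as shown.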