code-423n4 / 2022-05-cally-findings

2 stars 0 forks source link

It should prevent users from sending more native tokens #245

Closed code423n4 closed 2 years ago

code423n4 commented 2 years ago

Lines of code

https://github.com/code-423n4/2022-05-cally/blob/main/contracts/src/Cally.sol#L224

Vulnerability details

Impact

If a user sends more ETH than the user has to, the contract just accepts it. The user will lose more ETH accidentally.

Proof of Concept

The buyOption function in Cally.sol:

        require(msg.value >= premium, "Incorrect ETH amount sent");

Tools Used

vim

Recommended Mitigation Steps

Use == rather than >=:

        require(msg.value == premium, "Incorrect ETH amount sent");

outdoteth commented 2 years ago

reference issue: https://github.com/code-423n4/2022-05-cally-findings/issues/84