Lines of code
https://github.com/code-423n4/2022-05-factorydao/blob/main/contracts/SpeedBumpPriceGate.sol#L65-L82
Vulnerability details
Impact
NFTs should be sold for their best price without descending into a gas race: https://github.com/code-423n4/2022-05-factorydao#mint. Because of how passThruGate() in SpeedBumpPriceGate.sol forwards funds, users pay more than required to mint an NFT: the full msg.value is sent to the beneficiary rather than the NFT "price". It is very likely that a user sends more ether than the current price, because the price can increase between the moment the purchase transaction is broadcast and the moment it is actually processed. Users who send more ether than required should be refunded the difference, which reduces the likelihood of a gas race.
Recommended Mitigation Steps
1) Forward the NFT price rather than msg.value. Replace:
   (bool sent, bytes memory data) = gate.beneficiary.call{value: msg.value}("");
   https://github.com/code-423n4/2022-05-factorydao/blob/main/contracts/SpeedBumpPriceGate.sol#L79
   with:
   (bool sent, bytes memory data) = gate.beneficiary.call{value: price}("");
2) Refund the unspent portion of msg.value to the user.
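The two mitigation steps side by side with the vulnerable shape, as an added illustration that is not the FactoryDAO contract; the Gate struct fields, getCost() and _bump() are assumptions chosen to mirror what the finding describes:

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.13;

// Constructed stand-in for the gate the finding describes; struct fields and
// helper names are assumptions, not the FactoryDAO contract.
contract SpeedBumpGateExample {
    struct Gate {
        uint256 lastPrice;                // price charged to the next buyer
        uint256 priceIncreaseFactor;      // after each purchase: price *= factor / denominator
        uint256 priceIncreaseDenominator;
        address payable beneficiary;
    }
    mapping(uint256 => Gate) public gates;

    function getCost(uint256 index) public view returns (uint256) {
        return gates[index].lastPrice;
    }

    // Vulnerable shape: all of msg.value is forwarded, so a buyer who
    // over-sends to survive a bump between submission and inclusion overpays.
    function passThruGateVulnerable(uint256 index) external payable {
        uint256 price = getCost(index);
        require(msg.value >= price, "Please send more ETH");
        _bump(index, price);
        (bool sent, ) = gates[index].beneficiary.call{value: msg.value}("");
        require(sent, "ETH transfer failed");
    }

    // Mitigated: forward exactly `price`, refund the rest to the buyer, and
    // finish all state updates before any external call.
    function passThruGateFixed(uint256 index) external payable {
        uint256 price = getCost(index);
        require(msg.value >= price, "Please send more ETH");
        _bump(index, price);
        (bool sent, ) = gates[index].beneficiary.call{value: price}("");
        require(sent, "ETH transfer failed");
        uint256 refund = msg.value - price;       // cannot underflow: checked above
        if (refund > 0) {
            (bool refunded, ) = payable(msg.sender).call{value: refund}("");
            require(refunded, "refund failed");   // revert rather than keep the excess
        }
    }

    function _bump(uint256 index, uint256 price) private {
        Gate storage g = gates[index];
        g.lastPrice = (price * g.priceIncreaseFactor) / g.priceIncreaseDenominator;
    }
}
```

Refunding with call means a buyer whose contract rejects ether makes the mint revert, which is preferable to the gate silently keeping the excess.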