code-423n4 / 2022-06-infinity-findings


Order executions may fail for tokens that prevent zero amount transfers #212

Closed code423n4 closed 2 years ago

code423n4 commented 2 years ago

Lines of code

https://github.com/code-423n4/2022-06-infinity/blob/765376fa238bbccd8b1e2e12897c91098c7e5ac6/contracts/core/InfinityExchange.sol#L899

Vulnerability details

Description

While unlikely, should the protocol fee be set to zero, it is possible for orders to revert if the buy token is an ERC20 that reverts on zero amount transfers (e.g. BNB).

// possibly revert if fee set to 0
IERC20(buy.execParams[1]).safeTransferFrom(buy.signer, address(this), protocolFee);

Recommended Mitigation Steps

Only execute the safeTransferFrom() if protocol fee is non-zero.

HardlyDifficult commented 2 years ago

If this were to occur, the admin could raise the fee to correct the issue. But adding a require (or addressing the 0 fee scenario) is a good consideration. Merging with the warden's QA report https://github.com/code-423n4/2022-06-infinity-findings/issues/209
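
The zero-fee case discussed in this thread, as an added example that is not part of the issue or of the Infinity code base: a constructed token that rejects zero-amount transfers, with the fee pull shown unguarded and guarded. `ZeroRevertingToken`, `FeeCollector`, `protocolFeeBps` and the function names are hypothetical, and plain `transferFrom` stands in for `safeTransferFrom()` to keep the block self-contained.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.14;

// Constructed stand-in for an ERC20 that rejects zero-amount transfers.
// Hypothetical contract for illustration; not a real token's code.
contract ZeroRevertingToken {
    mapping(address => uint256) public balanceOf;
    mapping(address => mapping(address => uint256)) public allowance;

    constructor() { balanceOf[msg.sender] = 1_000 ether; }

    function approve(address spender, uint256 amount) external returns (bool) {
        allowance[msg.sender][spender] = amount;
        return true;
    }

    function transferFrom(address from, address to, uint256 amount) external returns (bool) {
        require(amount > 0, "zero amount"); // the behaviour the finding depends on
        allowance[from][msg.sender] -= amount;
        balanceOf[from] -= amount;
        balanceOf[to] += amount;
        return true;
    }
}

// Hypothetical fee collector reduced to the single transfer from the finding.
contract FeeCollector {
    uint16 public protocolFeeBps; // defaults to 0, the setting under discussion

    // Access control omitted for brevity in this example.
    function setProtocolFeeBps(uint16 bps) external { protocolFeeBps = bps; }

    // Before: always calls the token, so a zero fee reverts inside transferFrom.
    function collectUnguarded(ZeroRevertingToken token, address buyer, uint256 price) external {
        uint256 protocolFee = (price * protocolFeeBps) / 10_000;
        require(token.transferFrom(buyer, address(this), protocolFee), "transfer failed");
    }

    // After: skips the external call when nothing is owed.
    function collectGuarded(ZeroRevertingToken token, address buyer, uint256 price) external {
        uint256 protocolFee = (price * protocolFeeBps) / 10_000;
        if (protocolFee > 0) {
            require(token.transferFrom(buyer, address(this), protocolFee), "transfer failed");
        }
    }
}
```

Checking the computed amount rather than the fee setting also covers a non-zero fee that rounds down to zero on a small price.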