nneverlander
commented
2 years ago Closed code423n4 closed 2 years ago
nneverlander
commented
2 years ago nneverlander
commented
2 years ago 
HardlyDifficult
commented
2 years ago
Lines of code
https://github.com/code-423n4/2022-06-infinity/blob/765376fa238bbccd8b1e2e12897c91098c7e5ac6/contracts/core/InfinityExchange.sol#L119-L121 https://github.com/code-423n4/2022-06-infinity/blob/765376fa238bbccd8b1e2e12897c91098c7e5ac6/contracts/core/InfinityExchange.sol#L1228-L1232
Vulnerability details
Impact
The
rescueETHfunction does not work as expected and theETHbalance of the contract, received fromtakeMultipleOneOrdersandtakeOrders(rare but also fromfallbackandreceive), gets stuck on contractProof of Concept
With the
takeMultipleOneOrdersandtakeOrders(also by mistake thefallbackandreceive) functions the contract receive ETH to pay the exchange fees, the owner withdraw these fees with therescueETHbut this function send themsg.value, what was sent in the transaction, to thedestinationand this it's not the balance of the contractThe
fallbackandreceivefunctions worst this scenario because available the contract to receive ETHTools Used
Manual revision
Recommended Mitigation Steps
I recommend:
fallback,receivethe contract should not receive ETHrescueETHfunction:/// @dev Used for rescuing exchange fees paid to the contract in ETH function rescueETH(address payable destination) external onlyOwner { require(destination != address(0), "The destination can't be the address 0"); // @audit optional uint256 balance = address(this).balance; (bool sent, ) = destination.call{value: balance}(''); require(sent, 'Failed to send Ether'); emit RescueETH(destination, balance); // @audit optional }