Closed code423n4 closed 2 years ago
InfinityExchange.sol#L300-L328 InfinityExchange.sol#L336-L364
When using InfinityExchange.sol:takeMultipleOneOrders or InfinityExchange.sol:takeOrders, if currency == address(0) and a user has a msg.value > totalPrice the overspent ETH is left in the contract and not sent back to the user.
InfinityExchange.sol:takeMultipleOneOrders
InfinityExchange.sol:takeOrders
currency == address(0)
msg.value > totalPrice
InfinityExchange.sol#L326
InfinityExchange.sol#L362
Consider changing the msg.value >= totalPrice on line 326 and line 362 to msg.value == totalPrice or sending the difference back to the function user.
msg.value >= totalPrice
msg.value == totalPrice
Duplicate of #244
Duplicate
Dupe of https://github.com/code-423n4/2022-06-infinity-findings/issues/244
Lines of code
InfinityExchange.sol#L300-L328 InfinityExchange.sol#L336-L364
Vulnerability details
Impact
When using
InfinityExchange.sol:takeMultipleOneOrders
orInfinityExchange.sol:takeOrders
, ifcurrency == address(0)
and a user has amsg.value > totalPrice
the overspent ETH is left in the contract and not sent back to the user.Proof of Concept
InfinityExchange.sol#L326
InfinityExchange.sol#L362
Recommended Mitigation Steps
Consider changing the
msg.value >= totalPrice
on line 326 and line 362 tomsg.value == totalPrice
or sending the difference back to the function user.