search

code-423n4 / 2022-06-infinity-findings

4 stars 0 forks source link

User may lose funds if ```msg.value > totalPrice``` #304

Closed code423n4 closed 2 years ago

code423n4 commented 2 years ago

Lines of code

InfinityExchange.sol#L300-L328 InfinityExchange.sol#L336-L364

Vulnerability details

Impact

When using InfinityExchange.sol:takeMultipleOneOrders or InfinityExchange.sol:takeOrders, if currency == address(0) and a user has a msg.value > totalPrice the overspent ETH is left in the contract and not sent back to the user.

Proof of Concept

InfinityExchange.sol#L326

InfinityExchange.sol#L362

Recommended Mitigation Steps

Consider changing the msg.value >= totalPrice on line 326 and line 362 to msg.value == totalPrice or sending the difference back to the function user.

KenzoAgada commented 2 years ago

Duplicate of #244

nneverlander commented 2 years ago

Duplicate

HardlyDifficult commented 2 years ago

Dupe of https://github.com/code-423n4/2022-06-infinity-findings/issues/244