code-423n4 / 2022-06-infinity-findings


DOS If the check in `matchOrders` fails #321

Open code423n4 opened 2 years ago

code423n4 commented 2 years ago

Lines of code

https://github.com/code-423n4/2022-06-infinity/blob/main/contracts/core/InfinityExchange.sol#:~:text=weth%20%3D%20WETH%3B-,for%20(uint256%20i%20%3D%200%3B%20i%20%3C%20numSells%3B%20)%20%7B,)%3B,-unchecked%20%7B

Vulnerability details

Impact

When the executionValid check fails in the middle of the iteration, it could interrupt the whole matchOrders.

Proof of Concept

[InfinityExchange.sol L#272-288](https://github.com/code-423n4/2022-06-infinity/blob/main/contracts/core/InfinityExchange.sol#:~:text=for%20(uint256%20i%20%3D%200%3B%20i%20%3C%20numSells,weth)

Tools Used

Manual Review

Recommended Mitigation Steps

nneverlander commented 2 years ago

Intentional

HardlyDifficult commented 2 years ago

matchOrders could revert, but then the matching engine could remove the bad order and try again. Lowering risk and converting into a QA report for the warden.
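
The retry behaviour described in the last comment, as an added example that is not part of the original thread or the Infinity code base: a simplified Python model of an all-or-nothing batch and an off-chain engine that drops the failing pair and resubmits. All names are hypothetical, and it assumes the engine can tell which pair failed the check.

```python
# Added illustration: a simplified model, not InfinityExchange code.
# BatchReverted, match_orders and match_with_retry are hypothetical names.

class BatchReverted(Exception):
    """Models an on-chain revert: the whole batch is rolled back."""
    def __init__(self, index):
        super().__init__(f"execution invalid at pair {index}")
        self.index = index


def match_orders(pairs, is_valid):
    """All-or-nothing batch: one failing check reverts every pair in it."""
    executed = []
    for i, pair in enumerate(pairs):
        if not is_valid(pair):
            raise BatchReverted(i)  # nothing collected in `executed` persists
        executed.append(pair)
    return executed


def match_with_retry(pairs, is_valid):
    """Off-chain engine: drop the pair that caused the revert, then resubmit.

    Assumption: the engine learns the failing index (here from the exception).
    Returns (executed pairs, dropped pairs, number of submissions).
    """
    pending = list(pairs)
    dropped = []
    attempts = 0
    while pending:
        attempts += 1
        try:
            return match_orders(pending, is_valid), dropped, attempts
        except BatchReverted as revert:
            dropped.append(pending.pop(revert.index))
    return [], dropped, attempts


# Constructed sample data: (sell_id, buy_id, passes_check) tuples.
SAMPLE = [("s1", "b1", True), ("s2", "b2", False),
          ("s3", "b3", True), ("s4", "b4", False), ("s5", "b5", True)]

if __name__ == "__main__":
    done, bad, tries = match_with_retry(SAMPLE, lambda p: p[2])
    print("executed:", [p[0] for p in done])
    print("dropped: ", [p[0] for p in bad])
    print("attempts:", tries)
```

In this model each bad pair costs exactly one reverted submission, so the number of wasted attempts is bounded by the number of bad pairs in the batch.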