nneverlander
commented
2 years ago Duplicate
Closed code423n4 closed 2 years ago
nneverlander
commented
2 years ago Duplicate
HardlyDifficult
commented
2 years ago
Lines of code
https://github.com/code-423n4/2022-06-infinity/blob/main/contracts/core/InfinityExchange.sol#L739
Vulnerability details
Impact
Gas cost when matching orders is payed by the buyer. Since buyers don't have control on order execution, they may spend more gas than what they are willing to. Examples: periods of high gasPrice, or if NFTs for some reason consume a extra amount of gas.
Proof of Concept
https://github.com/code-423n4/2022-06-infinity/blob/main/contracts/core/InfinityExchange.sol#L739 and other similar functions...
Recommended Mitigation Steps
Consider adding a parameter to a MakerOrder where the user may specify the max amount of gas they're willing to spend.