code-423n4 / 2022-06-infinity-findings


Overpaying ETH in `InfinityExchange` #337

Closed code423n4 closed 2 years ago

code423n4 commented 2 years ago

Lines of code

https://github.com/code-423n4/2022-06-infinity/blob/765376fa238bbccd8b1e2e12897c91098c7e5ac6/contracts/core/InfinityExchange.sol#L326

https://github.com/code-423n4/2022-06-infinity/blob/765376fa238bbccd8b1e2e12897c91098c7e5ac6/contracts/core/InfinityExchange.sol#L362

Vulnerability details

Impact

A user of the InfinityExchange contract can accidentally send more ETH than needed without the possibility to get the overpaid amount refunded.

Proof of Concept

https://github.com/code-423n4/2022-06-infinity/blob/765376fa238bbccd8b1e2e12897c91098c7e5ac6/contracts/core/InfinityExchange.sol#L326

```solidity
if (isMakerSeller && currency == address(0)) {
    require(msg.value >= totalPrice, 'invalid total price');
}
```

https://github.com/code-423n4/2022-06-infinity/blob/765376fa238bbccd8b1e2e12897c91098c7e5ac6/contracts/core/InfinityExchange.sol#L362

```solidity
if (isMakerSeller && currency == address(0)) {
    require(msg.value >= totalPrice, 'invalid total price');
}
```

Tools Used

Manual review

Recommended mitigation steps

Consider preventing sending more ETH than needed by adapting the require statement as follows:

```solidity
require(msg.value == totalPrice, 'invalid total price');
```

nneverlander commented 2 years ago

Duplicate

nneverlander commented 2 years ago

https://github.com/code-423n4/2022-06-infinity-findings/issues/244

HardlyDifficult commented 2 years ago

Dupe of https://github.com/code-423n4/2022-06-infinity-findings/issues/244