code-423n4 / 2022-06-infinity-findings


The owner can set arbitrarily high fees #357

Closed code423n4 closed 2 years ago

code423n4 commented 2 years ago

Lines of code

https://github.com/code-423n4/2022-06-infinity/blob/765376fa238bbccd8b1e2e12897c91098c7e5ac6/contracts/core/InfinityExchange.sol#L1266
https://github.com/code-423n4/2022-06-infinity/blob/765376fa238bbccd8b1e2e12897c91098c7e5ac6/contracts/core/InfinityExchange.sol#L1135

Vulnerability details

Impact

The owner of the InfinityExchange contract can set arbitrarily high fees, and could steal funds from the seller.

Proof of Concept

When an order is executed, the payment and the transfer from buyer to seller and vice versa are done by the _transferNFTsAndFees() function, which uses _transferMultipleNFTs() to transfer the NFT to the buyer and _transferFees() to transfer the payment to the seller and pay the fees to the contract. But if the fees are set to values close to 10000, the protocol fees will equal the amount to pay to the seller (https://github.com/code-423n4/2022-06-infinity/blob/765376fa238bbccd8b1e2e12897c91098c7e5ac6/contracts/core/InfinityExchange.sol#L1135), and the protocol will keep all the payment.

Tools Used

Recommended Mitigation Steps

Set a max fee and require the new fee being set to be less than maxFee.
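The mitigation above, sketched as an added example (not code from the InfinityExchange contract or this report): a fee setter with a hard ceiling, and the basis-point split that the ceiling bounds. The contract, function and constant names, and the 1000 bps ceiling, are assumptions chosen for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

/// Illustrative sketch of a capped protocol fee. Names (MAX_PROTOCOL_FEE_BPS,
/// setProtocolFee, splitSale) and the ceiling value are assumptions, not the
/// project's own code.
contract CappedFeeExchange {
    address public owner;

    // Hard ceiling baked into the bytecode; the owner cannot raise it later.
    // Assumed value: 10% of the sale price.
    uint16 public constant MAX_PROTOCOL_FEE_BPS = 1000;
    uint16 public protocolFeeBps;

    error FeeTooHigh(uint16 requested, uint16 max);
    error NotOwner();

    modifier onlyOwner() {
        if (msg.sender != owner) revert NotOwner();
        _;
    }

    constructor(uint16 initialFeeBps) {
        owner = msg.sender;
        _setProtocolFee(initialFeeBps);
    }

    /// Owner can still tune the fee, but only within [0, MAX_PROTOCOL_FEE_BPS].
    /// An unbounded setter that simply stored newFeeBps would let a value such
    /// as 9999 route 99.99% of every sale to the contract instead of the seller.
    function setProtocolFee(uint16 newFeeBps) external onlyOwner {
        _setProtocolFee(newFeeBps);
    }

    function _setProtocolFee(uint16 newFeeBps) internal {
        if (newFeeBps > MAX_PROTOCOL_FEE_BPS) {
            revert FeeTooHigh(newFeeBps, MAX_PROTOCOL_FEE_BPS);
        }
        protocolFeeBps = newFeeBps;
    }

    /// Split a sale amount into protocol fee and seller payout using basis points.
    /// With the cap above, the seller always receives at least 90% of `amount`.
    function splitSale(uint256 amount)
        public
        view
        returns (uint256 protocolFee, uint256 sellerAmount)
    {
        protocolFee = (amount * protocolFeeBps) / 10000;
        sellerAmount = amount - protocolFee;
    }
}
```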

nneverlander commented 2 years ago

Duplicate

HardlyDifficult commented 2 years ago

Dupe https://github.com/code-423n4/2022-06-infinity-findings/issues/259