Closed c4-bot-3 closed 3 months ago
raymondfam marked the issue as insufficient quality report
raymondfam marked the issue as primary issue
Devoid of numerical examples to support your claim.
hansfriese marked the issue as unsatisfactory: Insufficient proof
Lines of code
https://github.com/code-423n4/2024-03-dittoeth/blob/91faf46078bb6fe8ce9f55bcb717e5d2d302d22e/contracts/libraries/LibOrders.sol#L600-L615
Vulnerability details
Proof of Concept
Whenever an ask is to be matched, sellMatchAlgo() gets called. Now take a look at this section of the function: https://github.com/code-423n4/2024-03-dittoeth/blob/91faf46078bb6fe8ce9f55bcb717e5d2d302d22e/contracts/libraries/LibOrders.sol#L600-L615

This essentially checks to ensure that after matching the ask, not less than dust is added back to the order book, i.e. the else block, since the if block is for when the amounts match. However, the calculation to check that the remaining amount is not less than the minimum accepted value is flawed, because of an additional multiplication by C_DUST_FACTOR, which is 0.5 ether. The right check should be

if (highestBid.ercAmount.mul(highestBid.price) < LibAsset.minBidEth(asset))

but with the addition of the multiplication by C_DUST_FACTOR, which in short is 0.5 ether, this heavily overvalues the right side of the equation and makes bids that have been matched, and that did not leave less than the minimum accepted ETH value back in the order book, have the transaction revert.

Impact
Valid attempts would fail, causing a DoS at matching asks, since now the minEther is very high.

Recommended Mitigation Steps
Consider not multiplying by C_DUST_FACTOR in sellMatchAlgo() and instead just checking

if (highestBid.ercAmount.mul(highestBid.price) < LibAsset.minBidEth(asset))
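To put numbers on the check, here is an added Python model (not DittoETH's code) of the condition discussed above, using constructed 18-decimal amounts and a hypothetical minBidEth of 0.001 ether. It evaluates the factored threshold both as the report reads it (a plain integer product with 0.5 ether) and under an 18-decimal fixed-point mul (a * b / 1e18), next to the proposed check; the two readings of mul classify the same leftover bid differently, so which semantics the project's math library actually gives .mul decides whether the factor inflates or halves the threshold.

```python
# Added illustration, not DittoETH code. All amounts are constructed 18-decimal
# (wei-style) integers; minBidEth and the bid values are made-up sample numbers.
WAD = 10**18
C_DUST_FACTOR = WAD // 2  # 0.5 ether, as stated in the report


def fp_mul(a: int, b: int) -> int:
    """18-decimal fixed-point product a * b / 1e18, the convention of the
    fixed-point math libraries Solidity DeFi code typically uses for .mul()."""
    return a * b // WAD


def leftover_value(erc_amount: int, price: int) -> int:
    """ETH value of the bid left on the book: highestBid.ercAmount.mul(highestBid.price)."""
    return fp_mul(erc_amount, price)


def dust_check_with_factor(erc_amount: int, price: int, min_bid_eth: int,
                           factor_as_plain_int: bool) -> bool:
    """The check the report objects to: value < minBidEth(asset).mul(C_DUST_FACTOR).

    factor_as_plain_int=True models the report's reading, where the right-hand
    .mul is an ordinary integer product (threshold = minBidEth * 5e17).
    factor_as_plain_int=False models a consistent fixed-point reading, where
    the threshold becomes half of minBidEth.
    Returns True when the leftover bid is classified as dust."""
    if factor_as_plain_int:
        threshold = min_bid_eth * C_DUST_FACTOR
    else:
        threshold = fp_mul(min_bid_eth, C_DUST_FACTOR)
    return leftover_value(erc_amount, price) < threshold


def dust_check_proposed(erc_amount: int, price: int, min_bid_eth: int) -> bool:
    """The report's recommended check: value < minBidEth(asset), no factor."""
    return leftover_value(erc_amount, price) < min_bid_eth


if __name__ == "__main__":
    min_bid_eth = 10**15                 # constructed: 0.001 ether minimum
    erc, price = 10**18, 2 * 10**15      # leftover: 1 token at 0.002 ether -> 0.002 ether
    print("leftover value (wei):", leftover_value(erc, price))
    for plain in (True, False):
        print("factor as plain int" if plain else "factor as fixed-point",
              "-> dust:", dust_check_with_factor(erc, price, min_bid_eth, plain))
    print("proposed check -> dust:", dust_check_proposed(erc, price, min_bid_eth))
```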
Assessed type
Error