Closed howlbot-integration[bot] closed 1 month ago
koolexcrypto changed the severity to QA (Quality Assurance)
koolexcrypto marked the issue as grade-c
This previously downgraded issue has been upgraded by koolexcrypto
koolexcrypto marked the issue as duplicate of #687
koolexcrypto marked the issue as duplicate of #218
koolexcrypto changed the severity to QA (Quality Assurance)
Lines of code
https://github.com/code-423n4/2024-07-traitforge/blob/279b2887e3d38bc219a05d332cbcb0655b2dc644/contracts/EntityForging/EntityForging.sol#L126
Vulnerability details
Impact
When a user/Merger calls the forgeWithListed function and sends more Ether than the required forging fee, the excess amount is not returned to the user. This could result in a loss of funds for users who inadvertently send more Ether.
Proof of Concept
Required forging fee: 0.1 Ether
User sends: 1 Ether
Excess fee: 0.9 Ether (not refunded)
Tools Used
Manual review
Recommended Mitigation Steps
Assessed type
ETH-Transfer
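The overpayment scenario from the Proof of Concept, shown as an added example that is not part of the original report and is not the TraitForge EntityForging code. The contract, its function names and the fee recipient are hypothetical, and it assumes the fee check only enforces a lower bound on msg.value.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added illustration only: NOT the TraitForge EntityForging contract.
// All names (FeeRefundExample, payNoRefund, payWithRefund, feeRecipient) are hypothetical.
contract FeeRefundExample {
    uint256 public constant forgingFee = 0.1 ether; // fee value from the report's PoC
    address payable public immutable feeRecipient;
    bool private locked;

    error InsufficientFee(uint256 sent, uint256 required);
    error TransferFailed();

    constructor(address payable recipient) {
        feeRecipient = recipient;
    }

    modifier nonReentrant() {
        require(!locked, "reentrant call");
        locked = true;
        _;
        locked = false;
    }

    // Assumed shape of the issue: only a lower bound on msg.value is checked,
    // so 1 ether sent against a 0.1 ether fee leaves 0.9 ether in the contract.
    function payNoRefund() external payable nonReentrant {
        if (msg.value < forgingFee) revert InsufficientFee(msg.value, forgingFee);
        (bool ok, ) = feeRecipient.call{value: forgingFee}("");
        if (!ok) revert TransferFailed();
    }

    // Hardened variant: forward exactly the fee and return the remainder to the caller.
    function payWithRefund() external payable nonReentrant {
        if (msg.value < forgingFee) revert InsufficientFee(msg.value, forgingFee);
        uint256 excess = msg.value - forgingFee;
        (bool ok, ) = feeRecipient.call{value: forgingFee}("");
        if (!ok) revert TransferFailed();
        if (excess > 0) {
            // Refund is the last external call; the guard blocks re-entry
            // from the caller's receive/fallback function.
            (bool refunded, ) = payable(msg.sender).call{value: excess}("");
            if (!refunded) revert TransferFailed();
        }
    }
}
```

An alternative to refunding is to require msg.value == forgingFee, which rejects an overpayment outright instead of returning the difference.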