Closed howlbot-integration[bot] closed 1 month ago
koolexcrypto changed the severity to QA (Quality Assurance)
koolexcrypto marked the issue as grade-c
This previously downgraded issue has been upgraded by koolexcrypto
koolexcrypto marked the issue as duplicate of #687
koolexcrypto marked the issue as duplicate of #218
koolexcrypto changed the severity to QA (Quality Assurance)
Lines of code
https://github.com/code-423n4/2024-07-traitforge/blob/279b2887e3d38bc219a05d332cbcb0655b2dc644/contracts/EntityForging/EntityForging.sol#L126
Vulnerability details
Overcharging players resulting in Financial Imbalance in EntityForging in the forgeWithListed function [ready]
Impact: In EntityForging::forgeWithListed, the protocol checks that msg.value is equal to or greater than the forging fee. This often results in users paying more than required, as there is no mechanism to refund the excess amount. Players participating in this game will eventually lose interest if they are charged more than the amount the protocol was supposed to charge them.
Proof of Concept:
Tools used: manual review
Recommended Mitigation: since the protocol uses >= to validate how much a player pays to forge with, it is essential that the protocol also accounts for any excess and sends it back to the player.
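The following is an added illustration, not code from the TraitForge repository: a simplified vulnerable fee check next to a hardened form that refunds the excess. The constant fee, the stripped-down function signature and the contract names are assumptions made for the example; the real forgeWithListed derives its fee from the listing.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Constructed example (not the TraitForge contract). The fee is a fixed
// constant here purely to keep the illustration short.
contract ForgeFeeVulnerable {
    uint256 public constant FORGING_FEE = 0.01 ether;
    uint256 public forgeCount;

    // Accepts any msg.value at or above the fee; the difference is never
    // returned and silently accumulates in the contract balance.
    function forgeWithListed() external payable {
        require(msg.value >= FORGING_FEE, "Insufficient fee for forging");
        forgeCount += 1; // stand-in for the real forging logic
    }
}

// Hardened form: same check, but any overpayment is refunded to the caller.
contract ForgeFeeFixed {
    uint256 public constant FORGING_FEE = 0.01 ether;
    uint256 public forgeCount;

    event ExcessRefunded(address indexed player, uint256 amount);

    function forgeWithListed() external payable {
        require(msg.value >= FORGING_FEE, "Insufficient fee for forging");

        // Effects first: all state changes happen before the external call,
        // so the refund cannot be used to re-enter a half-updated state.
        forgeCount += 1;

        // Interaction last: return the excess over the fee, if any.
        uint256 excess = msg.value - FORGING_FEE;
        if (excess > 0) {
            (bool ok, ) = msg.sender.call{value: excess}("");
            require(ok, "Refund failed");
            emit ExcessRefunded(msg.sender, excess);
        }
    }
}
```

An alternative with the same accounting effect is to require msg.value == FORGING_FEE and reject overpayment outright; the refund variant is friendlier to callers whose fee estimate is slightly stale.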
Assessed type
Other