Closed howlbot-integration[bot] closed 1 month ago
koolexcrypto changed the severity to QA (Quality Assurance)
koolexcrypto marked the issue as grade-c
This previously downgraded issue has been upgraded by koolexcrypto
koolexcrypto marked the issue as duplicate of #687
koolexcrypto marked the issue as duplicate of #687
koolexcrypto marked the issue as duplicate of #218
koolexcrypto marked the issue as not a duplicate
koolexcrypto marked the issue as duplicate of #41
koolexcrypto removed the grade
koolexcrypto marked the issue as satisfactory
Lines of code
https://github.com/code-423n4/2024-07-traitforge/blob/main/contracts/EntityForging/EntityForging.sol#L101-L175
Vulnerability details
Impact
Excess funds are always lost, so users lose funds.
Proof of Concept
In forgeWithListed(), users pay the forgingFee and merge NFTs. However, any remaining funds beyond the forgingFee are not returned. As you can see above, only the specific forgingFee should be sent to the NukeFund contract and the forgerOwner, regardless of the amount of ETH (msg.value) being transmitted. If the forgingFee is changed for any reason before the transaction is executed, there might be leftover ETH in the contract. As a result, users suffer a loss of funds.
Tools Used
Manual Review
Recommended Mitigation Steps
forgeWithListed() is modified as follows.
Assessed type
ETH-Transfer
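The excess-ETH issue described in the Proof of Concept, shown next to a refunding variant as an added Solidity example (not code from the report or from TraitForge). The contract name, list(), both forge functions and the single fee recipient are hypothetical simplifications, and the msg.value >= fee check is an assumption about how overpayment is accepted.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added illustration, not TraitForge code. Every name except forgingFee and
// msg.value is hypothetical; one recipient stands in for the fee split.
contract ForgeFeeRefundExample {
    mapping(uint256 => uint256) public forgingFee; // listed token id => fee in wei
    mapping(uint256 => address) public lister;     // listed token id => fee recipient

    function list(uint256 tokenId, uint256 fee) external {
        require(fee > 0, "fee must be > 0");
        forgingFee[tokenId] = fee;
        lister[tokenId] = msg.sender;
    }

    // Behaviour the report describes: only the fee is forwarded, so any
    // msg.value above the fee stays in the contract.
    function forgeKeepsExcess(uint256 tokenId) external payable {
        (address to, uint256 fee) = _takeListing(tokenId);
        _pay(to, fee);
    }

    // Refunding variant: forward the fee, then return the difference to the caller.
    function forgeRefundsExcess(uint256 tokenId) external payable {
        (address to, uint256 fee) = _takeListing(tokenId);
        uint256 excess = msg.value - fee; // cannot underflow: checked in _takeListing
        _pay(to, fee);
        if (excess > 0) {
            _pay(msg.sender, excess);
        }
    }

    // Checks and state changes happen before any ETH leaves the contract.
    function _takeListing(uint256 tokenId) private returns (address to, uint256 fee) {
        fee = forgingFee[tokenId];
        to = lister[tokenId];
        require(fee > 0, "not listed");
        require(msg.value >= fee, "insufficient fee"); // assumed overpayment check
        delete forgingFee[tokenId];
        delete lister[tokenId];
    }

    function _pay(address to, uint256 amount) private {
        (bool ok, ) = payable(to).call{value: amount}("");
        require(ok, "ETH transfer failed");
    }
}
```

Calling forgeKeepsExcess with a msg.value above the listed fee leaves the difference in the contract balance, while forgeRefundsExcess with the same input leaves the balance unchanged after the call.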