Closed howlbot-integration[bot] closed 1 month ago
koolexcrypto changed the severity to QA (Quality Assurance)
koolexcrypto marked the issue as grade-c
This previously downgraded issue has been upgraded by koolexcrypto
koolexcrypto marked the issue as duplicate of #687
koolexcrypto marked the issue as duplicate of #218
koolexcrypto changed the severity to QA (Quality Assurance)
Lines of code
https://github.com/code-423n4/2024-07-traitforge/blob/279b2887e3d38bc219a05d332cbcb0655b2dc644/contracts/EntityForging/EntityForging.sol#L102-L175
Vulnerability details
Impact
The forgeWithListed function in the EntityForging contract allows an entity with the merger role to forge a listed token with its own token. The function requires the merger to pay the forging fee defined by the forger. The issue is that the function does not refund the merger for any excess payment. According to the following check:

require(msg.value >= forgingFee, 'Insufficient fee for forging');

the merger can send ETH above the required fee, resulting in the excess payment being stuck in the contract and not returned to the merger.
Tools Used
Manual Review
Recommended Mitigation Steps
Consider either restricting the payment to exactly the forgingFee or refunding the merger for any excess payment.
Assessed type
ETH-Transfer
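Added illustration, not TraitForge's EntityForging code: a hypothetical minimal contract showing the `>=` check from the finding next to the two mitigations suggested above (exact fee, or refund of the excess). The contract name, the listing storage and the forger payout are assumptions made for the example.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;
// Hypothetical minimal contract (not TraitForge's EntityForging): one fee and
// one forger address per listed token id, no NFT logic.
contract ForgingFeeExample {
    mapping(uint256 => uint256) public forgingFee; // tokenId => fee set by forger
    mapping(uint256 => address) public forger;     // tokenId => who listed it
    function list(uint256 tokenId, uint256 fee) external {
        forger[tokenId] = msg.sender;
        forgingFee[tokenId] = fee;
    }

    // Weak pattern from the finding: any overpayment is accepted and kept.
    function forgeLoose(uint256 tokenId) external payable {
        uint256 fee = forgingFee[tokenId];
        require(msg.value >= fee, "Insufficient fee for forging");
        _settle(tokenId, fee);
        // msg.value - fee now sits in the contract with no path back to the merger.
    }

    // Mitigation 1: reject anything but the exact listed fee.
    function forgeExact(uint256 tokenId) external payable {
        uint256 fee = forgingFee[tokenId];
        require(msg.value == fee, "Fee must equal forgingFee");
        _settle(tokenId, fee);
    }

    // Mitigation 2: accept overpayment but return the excess to the merger.
    function forgeWithRefund(uint256 tokenId) external payable {
        uint256 fee = forgingFee[tokenId];
        require(msg.value >= fee, "Insufficient fee for forging");
        uint256 excess = msg.value - fee;
        _settle(tokenId, fee);
        if (excess > 0) {
            (bool ok, ) = msg.sender.call{value: excess}("");
            require(ok, "Refund failed");
        }
    }

    // Consume the listing before any external call (checks-effects-interactions),
    // so a re-entrant call during payout or refund finds no listing to forge.
    function _settle(uint256 tokenId, uint256 fee) internal {
        address to = forger[tokenId];
        require(to != address(0), "Token not listed");
        delete forger[tokenId];
        delete forgingFee[tokenId];
        (bool ok, ) = to.call{value: fee}("");
        require(ok, "Forger payment failed");
    }
}
```

With forgeExact an overpaying caller reverts instead of losing funds; forgeWithRefund keeps the original `>=` check but the merger is never left out of pocket.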