Some ETH may be locked in the contract #332
Labels
bug
Something isn't working
downgraded by judge
Judge downgraded the risk level of this issue
duplicate-218
grade-c
QA (Quality Assurance)
Assets are not at risk. State handling, function incorrect as to spec, issues with clarity, syntax
🤖_54_group
AI based duplicate group recommendation
sufficient quality report
This report is of sufficient quality
unsatisfactory
does not satisfy C4 submission criteria; not eligible for awards
Lines of code
https://github.com/code-423n4/2024-07-traitforge/blob/main/contracts/EntityForging/EntityForging.sol#L126 https://github.com/code-423n4/2024-07-traitforge/blob/main/contracts/EntityForging/EntityForging.sol#L146-L159
Vulnerability details
Impact
The
msg.value
passed in when theforgeWithListed
function of the EntityForging contract is called can be greater than theforgingFee
. However, when processing the incoming eth, the sum ofdevFee
andforgerShare
is equal to theforgingFee
. Ifmsg.value
is greater thanforgingFee
, then the eth ofmsg.value-forgingFee
will be left in the contract and cannot be withdrawn.Proof of Concept
Relevant code:
https://github.com/code-423n4/2024-07-traitforge/blob/main/contracts/EntityForging/EntityForging.sol#L126
https://github.com/code-423n4/2024-07-traitforge/blob/main/contracts/EntityForging/EntityForging.sol#L146-L159
Modify some code in the official test case
EntityForging.test.ts
:Test output:
Tools Used
vscode, hardhat
Recommended Mitigation Steps
It is recommended to modify the code at
EntityForging.sol#L126
to:Assessed type
ETH-Transfer
The text was updated successfully, but these errors were encountered: