No way to return and withdraw excess amount in EntityForging::forgeWithListed, Locking of funds.
#498
Labels
bug: Something isn't working
downgraded by judge: Judge downgraded the risk level of this issue
duplicate-218
grade-c
QA (Quality Assurance): Assets are not at risk. State handling, function incorrect as to spec, issues with clarity, syntax
🤖_54_group: AI based duplicate group recommendation
sufficient quality report: This report is of sufficient quality
unsatisfactory: does not satisfy C4 submission criteria; not eligible for awards
Lines of code
https://github.com/code-423n4/2024-07-traitforge/blob/279b2887e3d38bc219a05d332cbcb0655b2dc644/contracts/EntityForging/EntityForging.sol#L126
Vulnerability details
Impact
In the `EntityForging::forgeWithListed` function, a `msg.sender` can send money to forge with forgerId to generate a newTokenId. To forge with any forgerId, `msg.sender` has to pay some `forgingFee` amount. `forgeWithListed` also has a check that `require(msg.value >= forgingFee, 'Insufficient fee for forging');` and, except for forgingFee, the excess amount should return to msg.sender, but this returning of `msg.value-forgingFee` to msg.sender is missing, which causes locking of funds in `EntityForging`. No one can withdraw money from this contract anyway.
Proof of Concept
`forgeWithListed` function: msg.sender sent money. `forgingFee` `msg.value-forgingFee` > 0 then, there is no code to return excess money to msg.sender, nor any withdraw function to take money out of this contract.
See code below `EntityForging::forgeWithListed`:
Tools Used
Manual review
Recommended Mitigation Steps
Add the changes in the following code:
Assessed type
ETH-Transfer
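The overpayment pattern described in this report, next to a variant that returns the surplus, as an added example that is not part of the original report and not the TraitForge code. The contract, its constructor parameters, `feeRecipient`, the event and both function names are assumptions made for the sketch; only the `require` check is taken from the report.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added illustration: a simplified stand-in, NOT the TraitForge EntityForging code.
// forgingFee, feeRecipient and both function names are assumptions for this sketch.
contract ForgeRefundExample {
    uint256 public immutable forgingFee;
    address payable public immutable feeRecipient;
    uint256 private locked = 1; // minimal reentrancy guard state

    event Forged(address indexed payer, uint256 indexed forgerId, uint256 refunded);

    constructor(uint256 fee, address payable recipient) {
        forgingFee = fee;
        feeRecipient = recipient;
    }

    modifier nonReentrant() {
        require(locked == 1, 'Reentrant call');
        locked = 2;
        _;
        locked = 1;
    }

    // Pattern the report describes: ">=" admits overpayment, only the fee is
    // forwarded, and msg.value - forgingFee stays in the contract balance.
    function forgeNoRefund(uint256 forgerId) external payable nonReentrant {
        require(msg.value >= forgingFee, 'Insufficient fee for forging');
        emit Forged(msg.sender, forgerId, 0);
        _payFee();
    }

    // Same check, but the surplus goes back to the caller as the last step.
    function forgeWithRefund(uint256 forgerId) external payable nonReentrant {
        require(msg.value >= forgingFee, 'Insufficient fee for forging');
        uint256 excess = msg.value - forgingFee; // cannot underflow after the check
        emit Forged(msg.sender, forgerId, excess);
        _payFee();
        if (excess > 0) {
            (bool ok, ) = payable(msg.sender).call{value: excess}('');
            require(ok, 'Refund failed');
        }
    }

    function _payFee() private {
        (bool ok, ) = feeRecipient.call{value: forgingFee}('');
        require(ok, 'Fee transfer failed');
    }
}
```

Requiring `msg.value == forgingFee` instead removes the refund path altogether, at the cost of reverting on any overpayment.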