Lack of refund mechanism for overpayment in EntityForging::forgeWithListed
#992
Labels: bug (Something isn't working); downgraded by judge (Judge downgraded the risk level of this issue); duplicate-218; edited-by-warden; grade-c; QA (Quality Assurance: assets are not at risk; state handling, function incorrect as to spec, issues with clarity, syntax); 🤖_54_group (AI based duplicate group recommendation); sufficient quality report (This report is of sufficient quality); unsatisfactory (does not satisfy C4 submission criteria; not eligible for awards)
Lines of code
https://github.com/code-423n4/2024-07-traitforge/blob/main/contracts/EntityForging/EntityForging.sol#L126
Vulnerability details
Summary
EntityForging::forgeWithListed lets users send more ETH to the contract than the fee for the forging they intend to make.
Impact
The contract does not account for or refund any excess Ether sent by forgers beyond the required forging fee. This could result in users inadvertently losing funds if they send more than the required fee, as there is no mechanism to return the extra Ether.
Proof of Concept
In the current implementation of forgeWithListed, the function checks if msg.value is at least equal to forgingFee:
https://github.com/code-423n4/2024-07-traitforge/blob/main/contracts/EntityForging/EntityForging.sol#L126
However, if msg.value exceeds forgingFee, the contract does not refund the excess amount. This could lead to users losing extra funds sent beyond the required fee.
Tools Used
Manual review
Recommended Mitigation Steps
Modify EntityForging::forgeWithListed to reject payments that exceed forgingFee, or send back the extra funds to the user. This will ensure that users are protected from losing their funds due to overpayment, and will help to maintain trust in the contract.
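The weak fee check beside the two mitigations recommended above, as an added illustration that is not the TraitForge code: the contract names, the constructor and the placement of the forging logic are assumptions, and only the ">= forgingFee" pattern with no refund is taken from the report.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Hypothetical, simplified stand-in for the pattern the report describes.
contract ForgeFeeVulnerable {
    uint256 public forgingFee;

    constructor(uint256 fee) { forgingFee = fee; }

    // Weak pattern: any msg.value above forgingFee is accepted and silently kept.
    function forgeWithListed() external payable {
        require(msg.value >= forgingFee, "insufficient forging fee");
        // ... forging logic; the surplus (msg.value - forgingFee) stays in the contract
    }
}

// Hardened variants, one per mitigation the report recommends.
contract ForgeFeeHardened {
    uint256 public forgingFee;

    constructor(uint256 fee) { forgingFee = fee; }

    // Option A: reject anything but the exact fee, so overpayment reverts.
    function forgeWithListedExact() external payable {
        require(msg.value == forgingFee, "must pay exactly forgingFee");
        // ... forging logic
    }

    // Option B: accept overpayment and return the surplus. The refund is the last
    // step (checks-effects-interactions) so the external call cannot observe
    // half-updated state, and a failed refund reverts the whole forge.
    function forgeWithListedRefund() external payable {
        require(msg.value >= forgingFee, "insufficient forging fee");
        uint256 excess = msg.value - forgingFee;
        // ... forging logic (all state updates) goes here, before the external call
        if (excess > 0) {
            (bool ok, ) = payable(msg.sender).call{value: excess}("");
            require(ok, "refund failed");
        }
    }
}
```

Option B introduces an external call to msg.sender, so if the real forging logic is reentrancy-sensitive it should additionally be guarded (for example with a nonReentrant modifier).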
Assessed type
ETH-Transfer