Submission Details
Severity: high
Valid

Extra ETH sent to buy a Martenitsa will be stuck in `MartenitsaMarketplace` forever

Summary

To purchase a Martenitsa via MartenitsaMarketplace::buyMartenitsa, a user must send ETH (the chain's native token) to the contract in an amount greater than or equal to the listing price.

require(msg.value >= listing.price, "Insufficient funds");

If a user accidentally sends more ETH than necessary, they are not refunded and the excess ETH is stuck in the MartenitsaMarketplace smart contract.

Vulnerability Details

The MartenitsaMarketplace has no function to withdraw ETH or native tokens, nor does it refund a user who sends more ETH than necessary to purchase a Martenitsa, so any extra funds sent to the contract are stuck forever.

Impact

Stuck native tokens

Tools Used

Manual Review

Recommendations

To protect users from themselves, it is recommended to change the require statement so that users must send exactly the listing price in ETH for the purchase.

function buyMartenitsa(uint256 tokenId) external payable {
....
- require(msg.value >= listing.price, "Insufficient funds");
+ require(msg.value = listing.price, "Insufficient funds");
....
}
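Review bot: the `+` line uses a single `=` in `require(msg.value = listing.price, "Insufficient funds");`, which is an assignment rather than a comparison and will not compile, since `msg.value` is not assignable; it should read `require(msg.value == listing.price, "Insufficient funds");`. As an alternative to demanding the exact amount, the excess (`msg.value - listing.price`) could be returned to the buyer, which is what the finding tag "Excess ETH not refunded to the user" points at.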
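As an added illustration (not the MartenitsaMarketplace source), the following constructed contract places the vulnerable `>=` check beside the exact-payment check the recommendation asks for; the listing struct, the `list` function and the forwarding of the price to the seller are assumptions made to keep the example self-contained.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Constructed minimal marketplace, not the audited code: shows why
// `msg.value >= price` strands surplus ETH and how the exact-payment
// check prevents it.
contract MinimalMarketplace {
    struct Listing {
        address seller;
        uint256 price;
        bool forSale;
    }

    mapping(uint256 => Listing) public listings;

    event Purchased(uint256 indexed tokenId, address indexed buyer, uint256 paid);

    // Assumed listing helper; the real contract's listing flow is not shown here.
    function list(uint256 tokenId, uint256 price) external {
        listings[tokenId] = Listing(msg.sender, price, true);
    }

    // VULNERABLE pattern: any ETH above `price` is accepted, but only `price`
    // is forwarded and nothing is refunded. With no withdraw function the
    // difference is left in this contract permanently.
    function buyVulnerable(uint256 tokenId) external payable {
        Listing memory listing = listings[tokenId];
        require(listing.forSale, "Not for sale");
        require(msg.value >= listing.price, "Insufficient funds");
        listings[tokenId].forSale = false;              // effects before interaction
        (bool ok, ) = listing.seller.call{value: listing.price}("");
        require(ok, "Payment failed");
        emit Purchased(tokenId, msg.sender, msg.value);
    }

    // HARDENED: reject anything other than the exact listing price, so a
    // caller can never lock surplus ETH here. Note `==`, not `=`.
    function buyExact(uint256 tokenId) external payable {
        Listing memory listing = listings[tokenId];
        require(listing.forSale, "Not for sale");
        require(msg.value == listing.price, "Send exact listing price");
        listings[tokenId].forSale = false;              // effects before interaction
        (bool ok, ) = listing.seller.call{value: listing.price}("");
        require(ok, "Payment failed");
        emit Purchased(tokenId, msg.sender, msg.value);
    }
}
```

In a Foundry test, calling `buyVulnerable` with `price + 1 wei` leaves `address(market).balance == 1 wei` with no way to recover it, while the same call to `buyExact` reverts.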
Updates

Lead Judging Commences

bube Lead Judge about 1 year ago
Submission Judgement Published
Validated
Assigned finding tags:

Excess ETH not refunded to the user
