Submission Details
Severity: high
Valid

Lack of Excess Ether Refund Mechanism in buyMartenitsa Function

Summary

The buyMartenitsa function in the MartenitsaMarketplace.sol contract is vulnerable to a potential loss of funds due to an oversight in handling excess Ether sent by users.

Vulnerability Details

In the buyMartenitsa function, a require statement ensures that the amount of Ether sent (msg.value) is greater than or equal to the listing price:
require(msg.value >= listing.price, "Insufficient funds");
However, if a user accidentally sends more Ether than required, there is no mechanism in place to refund the excess Ether. As a result, the excess Ether will remain locked in the contract indefinitely, leading to a loss of funds for users.

Impact

This vulnerability can lead to a loss of funds for users who accidentally send more Ether than required when purchasing a Martenitsa token. Over time, this accumulation of locked funds could have a negative impact on user trust and the reputation of the marketplace contract.

Tools Used

Manual code review.

Recommendations

To address this vulnerability and ensure the safety of user funds, the following fix is recommended:

Implement a Refund Mechanism: Modify the buyMartenitsa function to include a mechanism for refunding excess Ether to the sender. After deducting the required amount for the purchase, any excess Ether should be returned to the sender's address.

Example:

// Calculate excess Ether (cannot underflow: msg.value >= listing.price was already checked)
uint256 excessAmount = msg.value - listing.price;
// Refund excess Ether to sender. Place this after all state updates
// (checks-effects-interactions) so the external call cannot re-enter the function.
if (excessAmount > 0) {
    (bool refunded, ) = msg.sender.call{value: excessAmount}("");
    require(refunded, "Failed to refund excess Ether");
}

Updates
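The following is an added example, not code from the MartenitsaMarketplace project, showing the recommended refund placed inside a minimal purchase function together with a Foundry test that checks no Ether is stranded. The contract is a simplified stand-in (listing struct, list function, seller payout and Purchased event are assumptions); the refund logic is the one recommended above, ordered so the listing is cleared before any external call.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import {Test} from "forge-std/Test.sol";

// Simplified stand-in for the marketplace (assumption: the real contract
// also transfers an ERC721 token and carries more listing fields).
contract RefundingMarketplace {
    struct Listing {
        address seller;
        uint256 price;
        bool forSale;
    }

    mapping(uint256 => Listing) public listings;

    event Purchased(uint256 indexed tokenId, address indexed buyer, uint256 price, uint256 refunded);

    function list(uint256 tokenId, uint256 price) external {
        listings[tokenId] = Listing(msg.sender, price, true);
    }

    // Checks, then effects (listing cleared), then interactions (seller payout,
    // buyer refund), so neither external call can re-enter a live listing.
    function buyMartenitsa(uint256 tokenId) external payable {
        Listing memory listing = listings[tokenId];
        require(listing.forSale, "Not for sale");
        require(msg.value >= listing.price, "Insufficient funds");

        // Safe subtraction: the require above guarantees no underflow.
        uint256 excessAmount = msg.value - listing.price;

        // Effects before interactions.
        delete listings[tokenId];

        // Pay the seller exactly the listing price.
        (bool paid, ) = listing.seller.call{value: listing.price}("");
        require(paid, "Failed to pay seller");

        // Return any overpayment to the buyer instead of leaving it in the contract.
        if (excessAmount > 0) {
            (bool refunded, ) = msg.sender.call{value: excessAmount}("");
            require(refunded, "Failed to refund excess Ether");
        }

        emit Purchased(tokenId, msg.sender, listing.price, excessAmount);
    }
}

// Foundry test: a buyer who overpays by 2 ether gets the 2 ether back,
// the seller receives exactly the price, and the contract holds nothing.
contract RefundTest is Test {
    RefundingMarketplace market;
    address seller = makeAddr("seller");
    address buyer = makeAddr("buyer");

    function setUp() public {
        market = new RefundingMarketplace();
        vm.prank(seller);
        market.list(1, 1 ether);
        vm.deal(buyer, 5 ether);
    }

    function testOverpaymentIsRefunded() public {
        vm.prank(buyer);
        market.buyMartenitsa{value: 3 ether}(1);

        assertEq(buyer.balance, 4 ether);      // only the 1 ether price was spent
        assertEq(seller.balance, 1 ether);     // seller got exactly the price
        assertEq(address(market).balance, 0);  // no Ether stranded in the contract
    }
}
```

Run it with `forge test --match-contract RefundTest`. Note that because the refund uses require, a buyer that is a contract without a payable receive function cannot complete a purchase when overpaying; if that is a concern for the marketplace, recording the excess as a withdrawable credit (pull payment) instead of pushing it back is the usual alternative.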

Lead Judging Commences

bube (Lead Judge), over 1 year ago
Submission Judgement Published
Validated
Assigned finding tags:

Excess ETH not refunded to the user
