Trick or Treat

First Flight #27
Beginner Friendly / Foundry
100 EXP
Submission Details
Severity: low
Valid

Price Manipulation Through Small Values

Summary

The contract places no lower bound on the value accepted as a treat cost, so extremely small costs (a few wei) can be set. Integer division in the price calculation then rounds away a significant share of the intended price, which can lead to precision issues and price manipulation.

Vulnerability Details

Location: src/TrickOrTreat.sol:setTreatCost()

Proof of Concept:

    // Foundry test. Assumes the surrounding test contract's setUp() deploys the
    // contract as `spookySwap` and defines the `owner` and `user1` addresses.
    function testSmallValuePriceManipulation() public {
        // Set an extremely small treat cost: 3 wei
        vm.prank(owner);
        spookySwap.setTreatCost("Candy", 3);

        // Attempt to buy at half price: 1 wei is less than half of 3 wei
        vm.deal(user1, 2);
        vm.prank(user1);
        vm.expectRevert("Insufficient ETH sent for treat");
        spookySwap.trickOrTreat{value: 1}("Candy");

        // Verify that even 2 wei is insufficient at the full 3 wei price
        vm.prank(user1);
        vm.expectRevert("Insufficient ETH sent for treat");
        spookySwap.trickOrTreat{value: 2}("Candy");
    }

Impact

Using very small values (like 3 wei) leads to rounding in the price calculation: in the half-price scenario, integer division floors 3 / 2 to 1 wei, so the buyer pays a third of the cost instead of half, and a cost of 1 wei halves to 0.

Tools Used

Forge

Recommendations

Implement a minimum treat cost value (e.g., 1 finney or 1e15 wei) to prevent potential issues with extremely small values.
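To make the rounding concrete, here is an added Python model (not the project's code) of the pricing arithmetic. It assumes the contract computes the required payment as cost * numerator / denominator with uint256-style floor division, using (1, 2) for the half-price treat and (2, 1) for the double-price trick, and it models the minimum-cost guard from the recommendation alongside.

```python
from fractions import Fraction

# Assumed multiplier pairs for each outcome of trickOrTreat:
# Solidity's `/` on uint256 floors exactly like Python's `//` on non-negative ints.
MULTIPLIERS = {
    "normal": (1, 1),
    "treat": (1, 2),   # half price
    "trick": (2, 1),   # double price
}

# Floor suggested in the recommendation: 1 finney = 1e15 wei.
MIN_TREAT_COST = 10**15


def required_cost(cost: int, outcome: str) -> int:
    """Wei the buyer must send for a given outcome, with floor division."""
    if cost <= 0:
        raise ValueError("treat cost must be positive")
    numerator, denominator = MULTIPLIERS[outcome]
    return (cost * numerator) // denominator


def effective_half_price_ratio(cost: int) -> Fraction:
    """Share of the full cost actually charged on the half-price path.

    The intended ratio is exactly 1/2; any odd cost comes out below that,
    and the shortfall is largest for the smallest costs.
    """
    return Fraction(required_cost(cost, "treat"), cost)


def free_treat_possible(cost: int) -> bool:
    """True when some outcome rounds the price down to 0 wei."""
    return any(required_cost(cost, o) == 0 for o in MULTIPLIERS)


def validate_treat_cost(cost: int, minimum: int = MIN_TREAT_COST) -> bool:
    """Guard modelled on the recommendation for setTreatCost()."""
    return cost >= minimum


if __name__ == "__main__":
    for cost in (1, 3, 1000, 10**15 + 1):
        print(cost, required_cost(cost, "treat"),
              float(effective_half_price_ratio(cost)), validate_treat_cost(cost))
```

At a 1 finney floor the worst-case rounding shortfall is a single wei, which is why the minimum makes the odd-cost case harmless rather than removing it.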

Updates

Appeal created

bube Lead Judge 9 months ago
Submission Judgement Published
Validated
Assigned finding tags:

Very small cost

In the case of a treat, if the cost of the treat is very small, the user can get an NFT for a `requiredCost` of zero due to rounding. Also, if the cost is small and odd, the user may get a given NFT at a lower price than intended.
