Pieces Protocol
First Flight #32
Beginner FriendlyFoundrySolidityNFT
100 EXP
View results
Previous Next
Submission Details
Severity: medium
Invalid

Invalid msg.value Validation in TokenDivider::buyOrder: Protocol Fees Not Properly Accounted for in `msg.value` Check, Leading to Potential Underpayment

riceee

Summary

When buying an Order the user pays two fees:

  • Seller Fees (included in the order price) sellerFee

  • Protocol Fees fee

The validation check here wrongly checks for order.price + sellerFee which leads to underpayments since sellerFee is half of fee

if(msg.value < order.price + sellerFee) {
revert TokenDivider__InsuficientEtherForFees();
}

This results in the protocol getting less fess than intended as the sellerFee is not actually being received by the protocol

Example Scenario:
Let fee = 200 and sellerFee = 100.
order.price is inclusive of sellerFee:

order.price = sellerFee + price = 100 + 400 = 500;

The msg.value check passes if:

msg.value >= order.price + sellerFee = 500 + 100 = 600;

After the transaction:
Seller receives: order.price - sellerFee = 500 - 100 = 400.
Owner receives: fee = 200.

The protocol misses out on sellerFee

Tools Used

Manual Review

Recommendations

Ensure correct validation by checking if the msg.value is less than order.price + fee

if(msg.value < order.price + fee) {
revert TokenDivider__InsuficientEtherForFees();
}
Updates

Lead Judging Commences

fishy Lead Judge 7 months ago
Submission Judgement Published
Invalidated
Reason: Incorrect statement

Appeal created

riceee Submitter
7 months ago
fishy Lead Judge 7 months ago
Submission Judgement Published
Invalidated
Reason: Incorrect statement

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.