Pieces Protocol

First Flight #32
Beginner Friendly, Foundry, Solidity, NFT
100 EXP
Submission Details
Severity: high
Invalid

Incorrect fee value logic in buyOrder function

Summary

The buyOrder function facilitates the purchase of an order listed by a seller.

Vulnerability Details

The fee is calculated as order.price / 100, which is correct for a 1% fee. However, the seller's share of the fee is calculated as fee / 2, which seems to imply that only half of the 1% fee is deducted from the seller. It needs to be clarified whether the intention is to split the fee between the seller and another entity or whether the entire fee should be deducted from the seller's proceeds.

A mistake or unintentional behavior takes place in the fee payment, because the seller is paying 1/2 of the fee but the buyer the whole fee.

Transfer ETH to seller:

(bool success, ) = payable(order.seller).call{value: (order.price - sellerFee)}("");

Transfer fee:

(bool taxSuccess, ) = payable(owner()).call{value: fee}("");

Impact

The total fee that needs to be handled for the buyOrder function is 1.5 times the calculated fee, instead of just 1%.

The value of ETH in the transaction may not be sufficient.

Also, for a value like 1 wei, an approach like /2 will produce a math error in the fee computation.

The current implementation of the buyOrder function has a potential issue when dealing with very small values, such as 1 wei. Using an approach like dividing by 2 for fee calculation can lead to precision errors and incorrect fee computation.

For instance, when the order price is extremely small (e.g., 1 wei), dividing by 2 may result in 0 due to integer division in Solidity. This can cause the fee computation to be incorrect and may lead to logical errors in the function.

To address this, it's important to handle fee calculations with precision and ensure that the computed fee is always accurate, even for small values.

Tools Used

manual review

Recommendations

Please rethink the fee for buyer and seller.
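The arithmetic discussed in this submission can be checked with a small model. This is an added example, not code from the submission or from the Pieces Protocol; it models only the two transfers quoted above with truncating integer division, and the names Settlement, settle and first_price_with are hypothetical. Any msg.value check in the contract is not shown on this page and is not modeled.

```python
from dataclasses import dataclass

WEI_PER_ETHER = 10**18


@dataclass(frozen=True)
class Settlement:
    price: int          # order.price, in wei
    fee: int            # order.price / 100
    seller_fee: int     # fee / 2
    seller_payout: int  # value of the call to order.seller
    owner_payout: int   # value of the call to owner()

    @property
    def total_out(self) -> int:
        """Wei that leaves the contract across both transfers."""
        return self.seller_payout + self.owner_payout

    @property
    def beyond_price(self) -> int:
        """Wei paid out in excess of order.price."""
        return self.total_out - self.price


def settle(price: int) -> Settlement:
    """Model the two transfers with Solidity's truncating uint division."""
    if price < 0:
        raise ValueError("uint256 cannot be negative")
    fee = price // 100        # truncates to 0 below 100 wei
    seller_fee = fee // 2     # truncates to 0 below 200 wei
    return Settlement(price, fee, seller_fee, price - seller_fee, fee)


def first_price_with(field: str, limit: int = 10_000) -> int:
    """Smallest price (wei) at which the named field becomes non-zero."""
    for price in range(limit):
        if getattr(settle(price), field) > 0:
            return price
    raise LookupError(field)


if __name__ == "__main__":
    # Constructed sample prices: dust amounts, rounding boundaries, 1 ether.
    for p in (1, 99, 100, 199, 200, 300, WEI_PER_ETHER):
        s = settle(p)
        print(f"price={s.price} fee={s.fee} sellerFee={s.seller_fee} "
              f"seller_gets={s.seller_payout} owner_gets={s.owner_payout} "
              f"total_out={s.total_out} beyond_price={s.beyond_price}")
```

The beyond_price column is the amount the two transfers pay out above order.price, so it is the figure to compare against whatever the function requires the buyer to send.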

Updates

Lead Judging Commences

fishy Lead Judge 7 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
