Pieces Protocol

First Flight #32
Beginner Friendly, Foundry, Solidity, NFT
Submission Details
Severity: medium
Invalid

One selling order going through removes all the other ones from the same seller

Summary

A seller should be able to have multiple orders, but here one selling order going through removes all the other ones from the same seller.

https://github.com/Cyfrin/2025-01-pieces-protocol/blob/main/src/TokenDivider.sol#L285-L286

Vulnerability Details

In TokenDivider.sol:buyOrder(), lines 285-286:

    /**
     *
     * @param orderIndex The index of the order in all the orders array of the seller (the seller can have multiple orders active)
     * @param seller The person who is selling this tokens
     *
     * @dev when the buyer call this function, the eth or any token accepted to pay, is sent to the seller
     * if the transfer executed correctly, then this contract, wich has all the tokens, send the tokens to the msg.sender
     */
    function buyOrder(uint256 orderIndex, address seller) external payable {
        ...
        s_userToSellOrders[seller][orderIndex] = s_userToSellOrders[seller][s_userToSellOrders[seller].length - 1];
        s_userToSellOrders[seller].pop();
        emit OrderSelled(msg.sender, order.price);
        ...
    }

s_userToSellOrders[seller].pop(); removes all the orders from the specific seller instead of just the one order concerned by the buy order.

Impact

Loss of all the other active orders from the same seller.

Tools Used

GitHub, manual review.

Recommendations

Instead of removing the seller s_userToSellOrders[seller].pop(), only remove the orderIndex corresponding to this specific selling.

Updates

Lead Judging Commences

fishy Lead Judge 5 months ago
Submission Judgement Published
Invalidated
Reason: Incorrect statement
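
The two statements quoted from buyOrder() are the swap-and-pop idiom: in Solidity, pop() on a dynamic storage array removes only its last element. The contract below is an added illustration, not part of the submission or of TokenDivider.sol; the SellOrder fields, the pragma and every name other than s_userToSellOrders are assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0; // assumed version, not taken from the project

// Added illustration; not code from TokenDivider.sol.
contract SwapAndPopDemo {
    // Hypothetical layout: the real SellOrder struct is not shown on the page.
    struct SellOrder {
        uint256 id;    // constructed label so orders can be told apart
        uint256 price;
    }

    mapping(address => SellOrder[]) private s_userToSellOrders;

    // Same two statements as the quoted excerpt: overwrite the filled slot
    // with the last order, then drop the (now duplicated) last slot.
    function removeOrder(address seller, uint256 orderIndex) public {
        SellOrder[] storage orders = s_userToSellOrders[seller];
        // Reverts on an empty array (underflow) or an out-of-range index.
        orders[orderIndex] = orders[orders.length - 1];
        orders.pop(); // shrinks the array by exactly one element
    }

    function orderCount(address seller) external view returns (uint256) {
        return s_userToSellOrders[seller].length;
    }

    // Self-check with three constructed orders: remove index 0 and
    // confirm the other two are still listed.
    function demo() external returns (bool) {
        address seller = address(this);
        delete s_userToSellOrders[seller]; // start from an empty list
        s_userToSellOrders[seller].push(SellOrder(1, 1 ether));
        s_userToSellOrders[seller].push(SellOrder(2, 2 ether));
        s_userToSellOrders[seller].push(SellOrder(3, 3 ether));

        removeOrder(seller, 0);

        SellOrder[] storage left = s_userToSellOrders[seller];
        require(left.length == 2, "exactly one order removed");
        // Order 3 was moved into slot 0; order 2 kept its index.
        require(left[0].id == 3 && left[1].id == 2, "remaining orders intact");
        return true;
    }
}
```

The idiom does not preserve ordering: the order that was last in the array takes over the removed index, so an orderIndex read before a removal can refer to a different order afterwards.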
