The contract allows sellers to set any price. A seller can therefore list at an extremely low or high price to manipulate the market, potentially as part of a sandwich attack or another manipulative strategy.
1. Market Manipulation: Sellers can set misleading prices to exploit other users or the market.
2. Loss of Trust: If users see wild price discrepancies, they might question the reliability of the platform.
3. Ecosystem Health: Such manipulations could destabilize the token economy around NFTs on the platform, deterring new users and reducing liquidity.
Implement price sanity checks using an oracle or historical data:
Code Snippet:
```solidity
function sellErc20(address nftPegged, uint256 price, uint256 amount) external {
    // ... existing checks ...
    require(
        price > getMinPrice(nftPegged) && price < getMaxPrice(nftPegged),
        "Price out of acceptable range"
    );
    // ... rest of the function ...
}

function getMinPrice(address nft) internal view returns (uint256) {
    // Example logic, could be integrated with an oracle or historical data
    return 1 ether; // Minimum price, for example
}

function getMaxPrice(address nft) internal view returns (uint256) {
    // Example logic, could be integrated with an oracle or historical data
    return 1000 ether; // Maximum price, for example
}
```
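The snippet above hard-codes its bounds. As an added example (not code from the audited contract), the following sketch derives them from a per-collection reference price and rejects listings when that reference is missing or stale. The names `PriceBand`, `setReference`, `bounds`, `checkPrice`, the 20% band and the one-day staleness limit are all assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

/// Hypothetical helper: bounds a listing price to a band around a reference
/// price pushed by a trusted feeder (for example an oracle adapter or a
/// keeper that publishes a historical average).
contract PriceBand {
    struct Reference {
        uint256 price;     // reference price per unit, in wei
        uint64 updatedAt;  // block timestamp of the last update
    }

    uint256 public constant BPS = 10_000;
    uint256 public constant MAX_DEVIATION_BPS = 2_000; // +/-20% band (assumed)
    uint256 public constant MAX_AGE = 1 days;          // staleness limit (assumed)

    address public immutable priceFeeder;
    mapping(address => Reference) public referenceOf;

    error NotFeeder();
    error ZeroPrice();
    error NoReference(address nft);
    error StaleReference(address nft, uint256 age);
    error PriceOutOfRange(uint256 price, uint256 min, uint256 max);

    constructor(address feeder) {
        priceFeeder = feeder;
    }

    function setReference(address nft, uint256 price) external {
        if (msg.sender != priceFeeder) revert NotFeeder();
        if (price == 0) revert ZeroPrice();
        referenceOf[nft] = Reference(price, uint64(block.timestamp));
    }

    /// Fails closed: no reference or a stale one means no listing is accepted.
    function bounds(address nft) public view returns (uint256 min, uint256 max) {
        Reference memory r = referenceOf[nft];
        if (r.price == 0) revert NoReference(nft);
        uint256 age = block.timestamp - r.updatedAt;
        if (age > MAX_AGE) revert StaleReference(nft, age);
        min = (r.price * (BPS - MAX_DEVIATION_BPS)) / BPS;
        max = (r.price * (BPS + MAX_DEVIATION_BPS)) / BPS;
    }

    /// Call from sellErc20 before recording the listing.
    function checkPrice(address nft, uint256 price) public view {
        (uint256 min, uint256 max) = bounds(nft);
        if (price < min || price > max) revert PriceOutOfRange(price, min, max);
    }
}
```

The band is only as trustworthy as the feeder: a reference taken from a single-block spot price can itself be moved, so a time-weighted or multi-source value is the safer input.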