Submission Details
Severity:
Loss of funds for the Contract Admin Due to Miscalculation in Fee transfer in `buyOrder` Function.
Summary
The buyOrder function in the contract contains a logic flaw where the sellerFee (calculated as half of the transaction fee) is deducted from the seller's payout but is not sent to the contract owner. This results in the mismanagement of funds and a potential financial loss for the contract.
Vulnerability Details
function buyOrder(uint256 orderIndex, address seller) external payable {
uint256 fee = order.price / 100; // 1% transaction fee
uint256 sellerFee = fee / 2; // Seller Fee: 0.5% of the order price
if (msg.value < order.price + sellerFee) {
revert TokenDivider__InsufficientEtherForFees();
}
// Seller payout calculation
(bool success, ) = payable(order.seller).call{value: (order.price - sellerFee)}("");
if (!success) {
revert TokenDivider__TransferFailed();
}
// Owner receives only the 'fee'
--> (bool taxSuccess, ) = payable(owner()).call{value: fee}("");
if (!taxSuccess) {
revert TokenDivider__TransferFailed();
}
}
Impact
The sellerFee is deducted from the seller's payout but is not transferred to any address, resulting in a loss of funds.
Over time, the accumulation of lost seller fees may result in significant unaccounted funds.
Tools Used
Manual
Recommendations
- (bool taxSuccess, ) = payable(owner()).call{value: fee}("");
+ (bool taxSuccess, ) = payable(owner()).call{value: (fee + sellerFee)}("");
Rewards breakdown
nSLOC
181This contest has a flat reward structure with the following payouts:
100 EXP
20 EXP
2 EXP
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.