Pieces Protocol

First Flight #32
Tags: Beginner Friendly, Foundry, Solidity, NFT
100 EXP

Submission Details
Severity: high
Status: Invalid

Missing Price Validation in sellErc20 Function Leads to Loss of Funds to the Seller.

Summary

The sellErc20 function does not validate that the price parameter is greater than zero, so sell orders can be created with a price of 0. If a seller mistakenly passes a price of 0, the order is still recorded and the full amount of ERC20 tokens is transferred into the contract, so the seller's tokens can be bought for nothing and the seller loses funds.

Vulnerability Details

function sellErc20(address nftPegged, uint256 price, uint256 amount) external {
    if (nftPegged == address(0)) {
        revert TokenDivider__NftAddressIsZero();
    }
    if (amount == 0) {
        revert TokenDivider__AmountCantBeZero();
    }
    // No check that price is non-zero: an order with price == 0 is accepted here
    ERC20Info memory tokenInfo = nftToErc20Info[nftPegged];
    if (balances[msg.sender][tokenInfo.erc20Address] < amount) {
        revert TokenDivider__InsuficientBalance();
    }
    // The seller's internal balance is reduced and the order is indexed regardless of price
    balances[msg.sender][tokenInfo.erc20Address] -= amount;
    s_userToSellOrders[msg.sender].push(
        SellOrder({
            seller: msg.sender,
            erc20Address: tokenInfo.erc20Address,
            price: price,
            amount: amount
        })
    );
    emit OrderPublished(amount, msg.sender, nftPegged);
    // The tokens are pulled into the contract, so a 0-price order escrows real value
    IERC20(tokenInfo.erc20Address).transferFrom(msg.sender, address(this), amount);
}

Impact

If the seller mistakenly sets the price to 0, malicious users can exploit this by purchasing the tokens for free, causing significant damage to the seller.

Tools Used

Manual review

Recommendations

Add the following check to sellErc20, before the balance is reduced and the order is pushed:

    if (price == 0) {
        revert TokenDivider__PriceCantBeZero();
    }

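As an added example (not part of this submission or the protocol's code), a Foundry test showing the recommended check in action. It uses a minimal stand-in contract that reproduces only the sell-order bookkeeping from the function above; the contract name, the single-token balance mapping and the seeded balance of 100 are assumptions made for the example.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import {Test} from "forge-std/Test.sol";

// Constructed stand-in for the reported function (not the protocol's code):
// only the escrow and order-indexing behaviour is reproduced.
contract SellOrderBook {
    error PriceCantBeZero();
    error AmountCantBeZero();
    error InsufficientBalance();

    struct SellOrder { address seller; uint256 price; uint256 amount; }

    mapping(address => uint256) public balances;        // fractional ERC20 balance per seller
    mapping(address => SellOrder[]) public sellOrders;  // indexed orders per seller

    constructor() { balances[msg.sender] = 100; }       // seed the deployer with tokens (assumed)

    function sellErc20(uint256 price, uint256 amount) external {
        if (amount == 0) revert AmountCantBeZero();
        if (price == 0) revert PriceCantBeZero();       // the recommended check
        if (balances[msg.sender] < amount) revert InsufficientBalance();
        balances[msg.sender] -= amount;                 // tokens are escrowed in the order
        sellOrders[msg.sender].push(SellOrder(msg.sender, price, amount));
    }
}

contract SellOrderBookTest is Test {
    SellOrderBook book;

    function setUp() public { book = new SellOrderBook(); } // test contract is the seeded seller

    function test_ZeroPriceIsRejected() public {
        vm.expectRevert(SellOrderBook.PriceCantBeZero.selector);
        book.sellErc20(0, 10);
        assertEq(book.balances(address(this)), 100);    // nothing was escrowed
    }

    function test_NonZeroPriceEscrowsTokens() public {
        book.sellErc20(1 ether, 10);
        assertEq(book.balances(address(this)), 90);     // 10 tokens moved into the order
    }
}
```

Run with `forge test`; removing the price check makes the first test fail, which is exactly the behaviour reported above.
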
Updates

Lead Judging Commences

fishy (Lead Judge), 4 months ago
Submission Judgement Published
Invalidated
Reason: Design choice
