The `buyOrder` function in the provided smart contract has a bug that prevents any excess Ether (ETH) sent by the buyer from being returned. Specifically, when the buyer sends more ETH than the required `order.price + sellerFee`, the function does not handle returning the excess amount. As a result, the extra ETH is simply consumed without refunding it to the buyer.
In the `buyOrder` function, there is no logic to return excess Ether sent by the buyer. The contract checks if the sent Ether is enough to cover the order price and the seller's fee but does not account for any extra Ether. If the buyer overpays, the additional Ether is not refunded and is effectively lost.
The vulnerability can lead to financial loss for buyers who unintentionally send more Ether than needed for the transaction. The extra Ether is consumed without any refund mechanism, which can negatively affect user experience and trust in the contract.
Tools used: manual code review.
Add a mechanism to refund any excess Ether sent by the buyer. After transferring the required Ether to the seller and owner, check for any remaining balance and transfer it back to the buyer.
The extra ETH sent by the user in the buy order will be locked in the contract forever.
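The recommended fix, shown as an added illustration rather than the audited contract's code. The `Order` struct, the `orders` mapping, the `listOrder` helper and the `owner`/`sellerFee` state are assumptions that mirror the names used in the finding; the vulnerable function is kept beside the corrected one so the missing refund path is visible.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

/// Added illustration, not the audited contract. Order layout, `orders`,
/// `owner` and `sellerFee` are assumptions modelled on the finding's names.
contract MarketplaceRefundExample {
    struct Order {
        address payable seller;
        uint256 price;
        bool filled;
    }

    address payable public owner;
    uint256 public sellerFee;                 // flat fee per sale, paid to owner
    mapping(uint256 => Order) public orders;
    uint256 public nextOrderId;

    event OrderFilled(uint256 indexed id, address indexed buyer, uint256 refunded);

    constructor(uint256 _sellerFee) {
        owner = payable(msg.sender);
        sellerFee = _sellerFee;
    }

    function listOrder(uint256 price) external returns (uint256 id) {
        id = nextOrderId++;
        orders[id] = Order(payable(msg.sender), price, false);
    }

    /// The shape described in the finding: the check enforces only a lower
    /// bound, so msg.value - (price + fee) stays in the contract with no
    /// function able to move it.
    function buyOrderVulnerable(uint256 id) external payable {
        Order storage order = orders[id];
        require(!order.filled, "filled");
        require(msg.value >= order.price + sellerFee, "insufficient ETH");
        order.filled = true;
        order.seller.transfer(order.price);
        owner.transfer(sellerFee);
        // surplus is never returned to msg.sender
    }

    /// Fixed version: compute the exact cost from msg.value (not from the
    /// contract balance), pay seller and owner, then refund the surplus to
    /// the buyer. State is updated before any external call.
    function buyOrder(uint256 id) external payable {
        Order storage order = orders[id];
        require(!order.filled, "filled");
        uint256 cost = order.price + sellerFee;
        require(msg.value >= cost, "insufficient ETH");

        order.filled = true;                         // effect before interactions

        (bool okSeller, ) = order.seller.call{value: order.price}("");
        require(okSeller, "seller payment failed");
        (bool okOwner, ) = owner.call{value: sellerFee}("");
        require(okOwner, "fee payment failed");

        uint256 excess = msg.value - cost;           // safe: msg.value >= cost checked above
        if (excess > 0) {
            (bool okRefund, ) = payable(msg.sender).call{value: excess}("");
            require(okRefund, "refund failed");
        }
        emit OrderFilled(id, msg.sender, excess);
    }
}
```

Two points worth keeping in mind when applying the recommendation. The refund must be derived from `msg.value`, not from `address(this).balance`: the contract balance may hold funds belonging to other orders or users, and "remaining balance" computed that way would hand them to whichever buyer calls next. Second, a stricter alternative is `require(msg.value == cost)`, which rejects overpayment outright and removes the refund call entirely; it is simpler and avoids the extra external call, at the cost of reverting transactions from front-ends that pad the value.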