Pieces Protocol
First Flight #32
Beginner FriendlyFoundrySolidityNFT
100 EXP
View results
Previous Next
Submission Details
Severity: high
Invalid

Seller Does Not Receive the Correct Payment Amount

josh4324

Summary

In the buyOrder function, the seller is not receiving the correct payment amount due to the improper deduction of fees. Specifically, the sellerFee is incorrectly subtracted from the seller's payment, resulting in a loss for the seller. According to he documentation

Vulnerability Details

uint256 fee = order.price / 100;
uint256 sellerFee = fee / 2;
if(msg.value < order.price + sellerFee) {
revert TokenDivider__InsuficientEtherForFees();
}
balances[msg.sender][order.erc20Address] += order.amount;
s_userToSellOrders[seller][orderIndex] = s_userToSellOrders[seller][s_userToSellOrders[seller].length - 1];
s_userToSellOrders[seller].pop();
emit OrderSelled(msg.sender, order.price);
// Transfer The Ether
@> (bool success, ) = payable(order.seller).call{value: (order.price - sellerFee)}("");

The logic subtracts half of the fee from the seller's payment while the total fee (fee) is sent to the contract owner. This miscalculation causes the seller to receive an amount that is less than what they are entitled to.

Impact

Sellers will consistently receive less than their expected payment for orders, eroding trust in the marketplace and causing financial loss to users.

Tools Used

Manual Review

Recommendations

// Transfer Ether to the seller
(bool success, ) = payable(order.seller).call{value: (order.price)}("");
Updates

Lead Judging Commences

fishy Lead Judge 8 months ago
Submission Judgement Published
Invalidated
Reason: Design choice

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.