Pieces Protocol

First Flight #32
Beginner Friendly, Foundry, Solidity, NFT
Submission Details
Severity: high
Invalid

High value difference allows buyers to buy tokens at a significantly low price

Summary

The sellErc20 function allows the seller to input a total price for the token; however, in the buyOrder function, msg.value is compared to price, which is wrong because msg.value of Ether isn't necessarily comparable to price.

Vulnerability Details

In the following code snippet:

    if(msg.value < order.price + sellerFee) {
        revert TokenDivider__InsuficientEtherForFees();
    }
    balances[msg.sender][order.erc20Address] += order.amount;
    s_userToSellOrders[seller][orderIndex] = s_userToSellOrders[seller][s_userToSellOrders[seller].length - 1];
    s_userToSellOrders[seller].pop();
    emit OrderSelled(msg.sender, order.price);
    (bool success, ) = payable(order.seller).call{value: (order.price - sellerFee)}("");
    if(!success) {
        revert TokenDivider__TransferFailed();
    }

msg.value is compared to order.price, and later order.price is transferred to the seller, so the buyer ends up buying the tokens for a significantly cheaper price.

Impact

If the seller intended to sell their ERC20 tokens at a price of $100, they end up getting 100 wei from the buyer as payment; this leads to sellers selling their tokens at a loss.

Tools Used

Manual review

Recommendations

Integrate decentralized price feeds, e.g. Chainlink, to check the price of ether and compare it to the order.price listed by the seller to resolve the issue.
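
A sketch of the conversion this recommendation describes, as an added example that is not part of the submission or of TokenDivider. It assumes order prices are stored in USD with 18 decimals; the contract name, error names and MAX_PRICE_AGE are hypothetical, and the interface is a trimmed copy of Chainlink's AggregatorV3Interface.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.18;

// Trimmed copy of Chainlink's AggregatorV3Interface (only the calls used here).
interface AggregatorV3Interface {
    function decimals() external view returns (uint8);
    function latestRoundData()
        external
        view
        returns (uint80 roundId, int256 answer, uint256 startedAt, uint256 updatedAt, uint80 answeredInRound);
}

/// Hypothetical helper: converts a USD-denominated order price into the wei
/// amount that msg.value would be compared against in a buy function.
contract UsdPriceConverter {
    error StalePrice();
    error InvalidPrice();

    AggregatorV3Interface private immutable i_ethUsdFeed;
    uint256 private constant MAX_PRICE_AGE = 1 hours; // assumed freshness window

    constructor(address ethUsdFeed) {
        i_ethUsdFeed = AggregatorV3Interface(ethUsdFeed);
    }

    /// @param usdPrice order price in USD with 18 decimals (100e18 = $100)
    /// @return weiAmount wei the buyer must send, rounded up in the seller's favour
    function usdToWei(uint256 usdPrice) public view returns (uint256 weiAmount) {
        (, int256 answer, , uint256 updatedAt, ) = i_ethUsdFeed.latestRoundData();
        // Reject zero/negative answers and rounds older than the freshness window.
        if (answer <= 0) revert InvalidPrice();
        if (block.timestamp - updatedAt > MAX_PRICE_AGE) revert StalePrice();

        // Scale the feed answer (USD per 1 ETH) up to 18 decimals.
        uint256 ethUsd = uint256(answer) * 10 ** uint256(18 - i_ethUsdFeed.decimals());
        // wei = usdPrice / ethUsd * 1e18, multiplied first to keep precision, rounded up.
        weiAmount = (usdPrice * 1e18 + ethUsd - 1) / ethUsd;
    }
}
```

With a feed answer of 2000e8 (8 decimals, $2,000 per ETH), usdToWei(100e18) returns 5e16 wei, i.e. 0.05 ETH.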

Updates

Lead Judging Commences

fishy Lead Judge 4 months ago
Submission Judgement Published
Invalidated
Reason: Other
