Pieces Protocol

First Flight #32
Beginner Friendly, Foundry, Solidity, NFT
100 EXP
Submission Details
Severity: high
Invalid

Reentrancy Vulnerability

Summary

The contract uses `call` to transfer Ether to the seller, which exposes it to a reentrancy attack if the recipient is a malicious contract.

Vulnerability Details

There are no checks that the buyer has sent enough funds, that the order is valid, etc.

Impact

```solidity
(bool success, ) = payable(order.seller).call{value: (order.price - sellerFee)}("");
```

This can lead to a reentrancy attack.

Tools Used

Foundry

Recommendations

```solidity
// 1. Checks
require(order.seller != address(0), "Order does not exist");
require(msg.value >= order.price, "Insufficient funds sent");
address seller = order.seller; // cache the recipient before the order is cleared below
// Calculate fees
uint256 fee = order.price / 100; // 1% platform fee
uint256 sellerAmount = order.price - fee;
// 2. Effects: update state before any external call
balances[owner()] += fee; // Accumulate platform fee
order.seller = address(0); // Mark order as completed, so a re-entrant call fails the check above
balances[msg.sender][order.tokenAddress] += order.tokenAmount;
// 3. Interactions: transfer Ether to the seller last
(bool success, ) = payable(seller).call{value: sellerAmount}("");
require(success, "Ether transfer to seller failed");
emit OrderPurchased(orderId, msg.sender, order.tokenAddress, order.tokenAmount);
```

It first checks that the order exists and that the buyer has sent enough ETH, calculates the 1% platform fee, updates the contract state, and only then transfers the ETH to the seller (checks-effects-interactions).
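As an added Foundry regression test (not part of this submission or the Pieces Protocol code), the following minimal marketplace stand-in applies the checks-effects-interactions ordering above and verifies that a seller contract which re-enters `buyOrder` from its `receive()` cannot replay the order. `CeiMarket`, `ReentrantSeller` and their fields are hypothetical names chosen for the example.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import {Test} from "forge-std/Test.sol";

// Hypothetical stand-in for the marketplace: one order per id, CEI-ordered buyOrder.
contract CeiMarket {
    struct Order { address seller; uint256 price; }
    mapping(uint256 => Order) public orders;
    mapping(address => uint256) public feeBalance;
    address public owner = msg.sender;

    function list(uint256 id, uint256 price) external { orders[id] = Order(msg.sender, price); }

    function buyOrder(uint256 id) external payable {
        Order memory order = orders[id];                       // snapshot seller before clearing
        require(order.seller != address(0), "Order does not exist");
        require(msg.value >= order.price, "Insufficient funds sent");
        uint256 fee = order.price / 100;                        // 1% platform fee
        delete orders[id];                                      // effect: a re-entrant call now fails the check
        feeBalance[owner] += fee;
        (bool ok, ) = payable(order.seller).call{value: order.price - fee}(""); // interaction last
        require(ok, "Ether transfer to seller failed");
    }
}

// Seller that attempts to re-enter buyOrder while receiving its payout.
contract ReentrantSeller {
    CeiMarket immutable market; uint256 immutable id; bool public reentered;
    constructor(CeiMarket m, uint256 i) { market = m; id = i; }
    function list(uint256 price) external { market.list(id, price); }
    receive() external payable {
        // Second purchase of the same order must revert because the order was already deleted.
        try market.buyOrder{value: 0}(id) { reentered = true; } catch {}
    }
}

contract CeiMarketTest is Test {
    function testReentrantSellerCannotReplayOrder() public {
        CeiMarket market = new CeiMarket();
        ReentrantSeller seller = new ReentrantSeller(market, 1);
        seller.list(1 ether);
        market.buyOrder{value: 1 ether}(1);
        assertFalse(seller.reentered());                        // re-entry was rejected
        assertEq(address(seller).balance, 0.99 ether);          // seller paid exactly once
        assertEq(market.feeBalance(address(this)), 0.01 ether); // fee credited to owner
    }
}
```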

Updates

Lead Judging Commences

fishy Lead Judge 5 months ago
Submission Judgement Published
Invalidated
Reason: Lack of quality
