Logical and Functional Issues in buyOutEstateNFT Function
Summary
The buyOutEstateNFT function contains several logical and functional issues, including incorrect fund distribution, improper handling of beneficiary conditions, and potential reentrancy risks. These issues could lead to unintended behavior, loss of funds, or exploitation.
Vulnerability Details
Rounding Error: The function calculates
finalAmountas(value / divisor) * multiplier, which may result in incorrect fund distribution. For example, ifvalueis not perfectly divisible bydivisor, the division will truncate the result, leading to potential loss of precision and incorrect amounts being transferred.Improper Handling of Beneficiary Conditions: The loop checks if
msg.senderis a beneficiary and immediately returns if true, skipping the rest of the logic. This means the function will not distribute funds to other beneficiaries or burn the NFT, which is likely unintended behavior.
Impact
Loss of Funds: Incorrect calculations and improper handling of beneficiary conditions could result in funds being distributed incorrectly or lost.
Functionality Failure: The function may fail to burn the NFT or distribute funds as intended, breaking the contract's core functionality.
Tools Used
Manual
Recommendations
Remove the return statement inside the loop to ensure the function completes all necessary steps (e.g., distributing funds and burning the NFT).
Lead Judging Commences
buyOutNFT has return instead of continue
Rewards breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.