Submission Details
Impact:
Likelihood:
msg.value != (s_buyFee * amount) && User has approve the amount weth will cause user user lose the msg.value.
Root + Impact
Description
-
Before user call buySnow function ,user has approve the amount of weth and call buySnow with wrong msg.value
-
user will lose the msg.value
function buySnow(uint256 amount) external payable canFarmSnow {
// if msg.value != (s_buyFee * amount) && user has approve the weth
if (msg.value == (s_buyFee * amount)) {
_mint(msg.sender, amount);
} else {
i_weth.safeTransferFrom(msg.sender, address(this), (s_buyFee * amount));
_mint(msg.sender, amount);
}
s_earnTimer = block.timestamp;
emit SnowBought(msg.sender, amount);
}
Risk
Medium
Likelihood:
Before user call buySnow function ,user has approve the amount of weth and call buySnow with wrong msg.value
Impact:
user will lose the msg.value
Proof of Concept
jerry approve the amount of weth
jerry call buySnow with wrong msg.value
function testCanmsgvalueNotEqualamount() public {
deal(jerry, FEE * 2);
vm.startPrank(jerry);
weth.approve(address(snow), FEE);
snow.buySnow{value: 2 * FEE}(1);// value != s_buyFee * amount
vm.stopPrank();
assert(snow.balanceOf(jerry) == 1);
assert(address(snow).balance == FEE * 2);
assert(jerry.balance == 0);// jerry will lose msg.value
}
Recommended Mitigation
Updates
Rewards breakdown
nSLOC
215This contest has a flat reward structure with the following payouts:
100 EXP
20 EXP
2 EXP
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.