Snowman Merkle Airdrop

First Flight #42
Beginner Friendly, Foundry, Solidity, NFT
100 EXP
Submission Details
Impact: low
Likelihood: medium
Invalid

[L-1] `Snow::buySnow()` Expects Exact Amount Of Ether, Resulting In Unexpected Reverts / WETH Transfer

Description

  • The protocol is meant to let users choose clearly between paying for Snow with ether or with WETH.

  • Both payment paths, however, go through the same function. `buySnow()` decides which asset the caller is paying with by checking whether `msg.value` is exactly equal to `s_buyFee * amount`. Any other `msg.value`, including an over-payment by a single wei, falls into the WETH branch: if the caller has not approved the protocol to spend their WETH, the transaction reverts; if they have, their WETH is pulled even though they intended to pay in ether, and the ether they sent with the call stays in the contract.

function buySnow(uint256 amount) external payable canFarmSnow {
    // The only signal that the caller wants to pay in ether is an exact match;
    // there is no explicit payment-asset parameter and no refund of ether otherwise.
@>  if (msg.value == (s_buyFee * amount)) {
        _mint(msg.sender, amount);
    } else {
        // Any mismatch, including a non-zero msg.value, lands here and pulls WETH.
        i_weth.safeTransferFrom(msg.sender, address(this), (s_buyFee * amount));
        _mint(msg.sender, amount);
    }
    s_earnTimer = block.timestamp;
    emit SnowBought(msg.sender, amount);
}

Risk

Likelihood: Medium

  • `s_buyFee` is a `uint256` denominated in wei, so the exact price `s_buyFee * amount` is an integer that users can read from contract state and compute without rounding. A mismatch requires the caller, or the front end building the transaction, to get `msg.value` wrong, which is plausible but not routine.

Impact: Low

  • When `msg.value` does not match, the call falls into the WETH branch. Without a prior WETH approval, `safeTransferFrom` reverts, the whole transaction is rolled back and the user only loses gas. With a prior approval, the user pays the price in WETH while the ether sent with the call is also kept by the contract, so they pay in both assets for a single mint. Outside that case the impact is limited to usability.

Proof of Concept

NA
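The submission supplies no PoC. The following Foundry test is an added reproduction written for this page; it is not part of the original submission or of the project's code base. `SnowLite` is a cut-down reconstruction that keeps only `buySnow()` with the branch logic quoted above plus the fields it reads (`i_weth`, `s_buyFee`, `s_earnTimer`); the constructor, the no-op `canFarmSnow` modifier, `MockWETH`, the fee of 1 ether and the OpenZeppelin/forge-std import paths are all assumptions made for the test.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import {Test} from "forge-std/Test.sol";
import {ERC20} from "@openzeppelin/contracts/token/ERC20/ERC20.sol";
import {IERC20} from "@openzeppelin/contracts/token/ERC20/IERC20.sol";
import {SafeERC20} from "@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol";

// Constructed stand-in for WETH (not the real WETH9); only mint/approve/transferFrom are used.
contract MockWETH is ERC20 {
    constructor() ERC20("Wrapped Ether", "WETH") {}
    function mint(address to, uint256 amount) external { _mint(to, amount); }
}

// Assumed minimal reconstruction of Snow: buySnow() is copied from the finding,
// everything else exists only so the test compiles.
contract SnowLite is ERC20 {
    using SafeERC20 for IERC20;

    IERC20 public immutable i_weth;
    uint256 public s_buyFee;
    uint256 public s_earnTimer;

    event SnowBought(address indexed buyer, uint256 amount);

    constructor(IERC20 weth, uint256 buyFee) ERC20("Snow", "SNOW") {
        i_weth = weth;
        s_buyFee = buyFee;
    }

    modifier canFarmSnow() { _; } // assumption: the farming window is open

    function buySnow(uint256 amount) external payable canFarmSnow {
        if (msg.value == (s_buyFee * amount)) {
            _mint(msg.sender, amount);
        } else {
            i_weth.safeTransferFrom(msg.sender, address(this), (s_buyFee * amount));
            _mint(msg.sender, amount);
        }
        s_earnTimer = block.timestamp;
        emit SnowBought(msg.sender, amount);
    }
}

contract BuySnowExactAmountTest is Test {
    uint256 constant FEE = 1 ether; // assumed buy fee per Snow
    MockWETH weth;
    SnowLite snow;
    address alice = makeAddr("alice");

    function setUp() public {
        weth = new MockWETH();
        snow = new SnowLite(IERC20(address(weth)), FEE);
        vm.deal(alice, 10 ether);
        weth.mint(alice, 10 ether);
    }

    // Control: an exact msg.value takes the ether branch and touches no WETH.
    function test_ExactMsgValueMintsForEther() public {
        vm.prank(alice);
        snow.buySnow{value: FEE}(1);
        assertEq(snow.balanceOf(alice), 1);
        assertEq(weth.balanceOf(address(snow)), 0);
        assertEq(address(snow).balance, FEE);
    }

    // Case 1: no WETH allowance, ether off by one wei -> the purchase reverts.
    function test_WrongMsgValueWithoutApprovalReverts() public {
        vm.prank(alice);
        vm.expectRevert();
        snow.buySnow{value: FEE + 1}(1);
    }

    // Case 2: prior WETH allowance, ether off by one wei -> WETH is pulled
    // and the ether sent with the call is kept as well.
    function test_WrongMsgValueWithApprovalChargesTwice() public {
        vm.startPrank(alice);
        weth.approve(address(snow), type(uint256).max);
        snow.buySnow{value: FEE + 1}(1);
        vm.stopPrank();

        assertEq(snow.balanceOf(alice), 1);            // minted exactly once
        assertEq(weth.balanceOf(address(snow)), FEE);  // paid the full price in WETH
        assertEq(address(snow).balance, FEE + 1);      // and the ether was retained too
        assertEq(alice.balance, 10 ether - (FEE + 1));
    }
}
```

Run with `forge test --match-contract BuySnowExactAmountTest -vv`. The second case is the one that matters for impact: a user who once approved WETH and later mis-computes `msg.value` by any amount ends up paying in both assets for a single mint.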

Recommended Mitigation

Split the two payment paths into separate functions, and in the ether path refund any excess when `msg.value` exceeds the required amount.

- function buySnow(uint256 amount) external payable canFarmSnow {
- if (msg.value == (s_buyFee * amount)) {
- _mint(msg.sender, amount);
- } else {
- i_weth.safeTransferFrom(msg.sender, address(this), (s_buyFee * amount));
- _mint(msg.sender, amount);
- }
-
- s_earnTimer = block.timestamp;
-
- emit SnowBought(msg.sender, amount);
- }
+ function buySnowEth(uint256 amount) external payable canFarmSnow {
+ require (msg.value >= (s_buyFee * amount), "Insufficient ether sent!");
+ uint256 balance = msg.value - s_buyFee * amount;
+ if (balance > 0) {
+ (bool return,) = payable(msg.sender).call{value: balance}("");
+ require(return, "Fee return failed!!!");
+ }
+ _mint(msg.sender, amount);
+
+ s_earnTimer = block.timestamp;
+
+ emit SnowBought(msg.sender, amount);
+ }
+ function buySnowWeth(uint256 amount) external canFarmSnow {
+ i_weth.safeTransferFrom(msg.sender, address(this), (s_buyFee * amount));
+ _mint(msg.sender, amount);
+
+ s_earnTimer = block.timestamp;
+
+ emit SnowBought(msg.sender, amount);
+ }
Updates

Lead Judging Commences

yeahchibyke Lead Judge 3 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
