OrderBook
First Flight #43
Beginner FriendlySolidity
100 EXP
View all submissions
Previous Next
Submission Details
Impact: high
Likelihood: high
Invalid

Malicious buyers can cause orders to fail abnormally

Author Revealed upon completion

Malicious buyers can cause orders to fail abnormally

Description

  • Because order.isActive = false; code is before the safeTransferFrom function that malicouse buyer can modify all ther order status from active to inactive.

order.isActive = false;
uint256 protocolFee = (order.priceInUSDC * FEE) / PRECISION;
uint256 sellerReceives = order.priceInUSDC - protocolFee;
iUSDC.safeTransferFrom(msg.sender, address(this), protocolFee);
iUSDC.safeTransferFrom(msg.sender, order.seller, sellerReceives);
IERC20(order.tokenToSell).safeTransfer(msg.sender, order.amountToSell);

Risk

Likelihood:

  • Reason 1 // Describe WHEN this will occur (avoid using "if" statements)

  • Reason 2

Impact:

Maliciously modifying order status, causing other users to be unable to trade normally

Proof of Concept

Recommended Mitigation

- order.isActive = false;
- uint256 protocolFee = (order.priceInUSDC * FEE) / PRECISION;
- uint256 sellerReceives = order.priceInUSDC - protocolFee;
- iUSDC.safeTransferFrom(msg.sender, address(this), protocolFee);
- iUSDC.safeTransferFrom(msg.sender, order.seller, sellerReceives);
- IERC20(order.tokenToSell).safeTransfer(msg.sender, order.amountToSell);
+ uint256 protocolFee = (order.priceInUSDC * FEE) / PRECISION;
+ uint256 sellerReceives = order.priceInUSDC - protocolFee;
+ iUSDC.safeTransferFrom(msg.sender, address(this), protocolFee);
+ iUSDC.safeTransferFrom(msg.sender, order.seller, sellerReceives);
+ IERC20(order.tokenToSell).safeTransfer(msg.sender, order.amountToSell);
+ order.isActive = false;
Updates

Lead Judging Commences

yeahchibyke Lead Judge about 5 hours ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.