Platform: Code4rena
Start Date: 05/10/2022
Pot Size: $50,000 USDC
Total HM: 2
Participants: 80
Period: 5 days
Judge: GalloDaSballo
Id: 168
League: ETH
Rank: 41/80
Findings: 1
Award: $114.82
Selected for report: 0
Solo Findings: 0
Selected for report: dipp
Also found by: 0x4non, 0x52, 0xRobocop, 0xc0ffEE, 8olidity, Ch_301, Jeiwan, Junnon, KIntern_NA, Lambda, M4TZ1P, MiloTruck, Nyx, PaludoX0, Ruhum, RustyRabbit, Soosh, TomJ, Trust, arcoun, aviggiano, bardamu, cryptonue, csanuragjain, d3e4, enckrish, exd0tpy, hansfriese, jayphbee, joestakey, ladboy233, minhquanym, minhtrng, nicobevi, obront, polymorphism, rokinot, romand, rotcivegaf, rvierdiiev, saian, serial-coder, trustindistrust, zzykxx
114.8239 USDC - $114.82
https://github.com/code-423n4/2022-10-blur/blob/main/contracts/matchingPolicies/StandardPolicyERC1155.sol#L33
https://github.com/code-423n4/2022-10-blur/blob/main/contracts/matchingPolicies/StandardPolicyERC1155.sol#L59
When StandardPolicyERC1155.sol is used as the matchingPolicy for an order, the buyer will transfer an amount of funds (ETH or WETH) for 2 or more tokens but will receive only 1 token, in case the buyer has set Input.Order.amount > 1.

Let's say a buyer sets a new order with Input.Order.amount == 2, which means Input.Order.price will be for two tokens. The seller, after seeing this order, creates a new sell order for the same ERC1155 token and invokes execute(), and StandardPolicyERC1155.sol will match this order:

    return (
        (makerBid.side != takerAsk.side) &&
        (makerBid.paymentToken == takerAsk.paymentToken) &&
        (makerBid.collection == takerAsk.collection) &&
        (makerBid.tokenId == takerAsk.tokenId) &&
        (makerBid.matchingPolicy == takerAsk.matchingPolicy) &&
        (makerBid.price == takerAsk.price),
        makerBid.price,
        makerBid.tokenId,
        1, // here
        AssetType.ERC1155
    );

It checks that (makerBid.price == takerAsk.price) and sets the amount to 1, without any check on the amount in the original order.

Add a check: if(Input.Order.amount > 1 == true) revert
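
One way to apply the recommended check inside the policy itself, as an added example that is not Blur's code or part of the original submission. The Order struct is trimmed to the fields the policy reads, UnsupportedAmount and _matchOne are hypothetical names, and canMatchMakerAsk is assumed to mirror the bid side.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.13;

// Added example. Order is trimmed to the fields the policy reads (assumption).
enum Side { Buy, Sell }
enum AssetType { ERC721, ERC1155 }

struct Order {
    Side side;
    address matchingPolicy;
    address collection;
    uint256 tokenId;
    uint256 amount;
    address paymentToken;
    uint256 price;
}

contract HardenedPolicyERC1155 {
    // Hypothetical error name; carries both signed amounts for triage.
    error UnsupportedAmount(uint256 makerAmount, uint256 takerAmount);

    function canMatchMakerBid(Order calldata makerBid, Order calldata takerAsk)
        external pure returns (bool, uint256, uint256, uint256, AssetType)
    {
        return _matchOne(makerBid, takerAsk);
    }

    // Assumed to mirror the bid side: the maker's terms set price and tokenId.
    function canMatchMakerAsk(Order calldata makerAsk, Order calldata takerBid)
        external pure returns (bool, uint256, uint256, uint256, AssetType)
    {
        return _matchOne(makerAsk, takerBid);
    }

    function _matchOne(Order calldata maker, Order calldata taker)
        private pure returns (bool, uint256, uint256, uint256, AssetType)
    {
        // The policy always settles exactly 1 token at maker.price, so reject
        // any order signed for more than 1 instead of silently shrinking it.
        if (maker.amount > 1 || taker.amount > 1) {
            revert UnsupportedAmount(maker.amount, taker.amount);
        }
        return (
            (maker.side != taker.side) &&
            (maker.paymentToken == taker.paymentToken) &&
            (maker.collection == taker.collection) &&
            (maker.tokenId == taker.tokenId) &&
            (maker.matchingPolicy == taker.matchingPolicy) &&
            (maker.price == taker.price),
            maker.price, maker.tokenId, 1, AssetType.ERC1155
        );
    }
}
```

With this check, an order signed with amount == 2 reverts at matching time, so the buyer's full price is never exchanged for a single token.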
#0 - GalloDaSballo
2022-10-13T22:27:17Z