Platform: Code4rena
Start Date: 07/07/2022
Pot Size: $75,000 USDC
Total HM: 32
Participants: 141
Period: 7 days
Judge: HardlyDifficult
Total Solo HM: 4
Id: 144
League: ETH
Rank: 57/141
Findings: 1
Award: $132.20
🌟 Selected for report: 0
🚀 Solo Findings: 0
https://github.com/code-423n4/2022-07-fractional/blob/e2c5a962a94106f9495eb96769d7f60f7d5b14c9/src/FERC1155.sol#L223 https://github.com/code-423n4/2022-07-fractional/blob/e2c5a962a94106f9495eb96769d7f60f7d5b14c9/src/FERC1155.sol#L247
The royaltyPercent mapping doesn't have an upper bound (link 1), and seems to need it with an upper bound of 100 (link 2) as the divided value is 100, the unit is in percent.
In a second market context, this could lead to misleading royalties, higher than the selling price.
The marketplace contract should handle these exceptions, and in this case the sell could revert for all the tokens of this id.
No boundary set: https://github.com/code-423n4/2022-07-fractional/blob/e2c5a962a94106f9495eb96769d7f60f7d5b14c9/src/FERC1155.sol#L223
Pycharm
Add an upper bound of 100 in the setRoyalties()
require(_percentage <= 100, "percentage too high!");
#0 - 0x0aa0
2022-07-18T18:41:18Z
Duplicate of #166