Platform: Code4rena
Start Date: 14/06/2022
Pot Size: $50,000 USDC
Total HM: 19
Participants: 99
Period: 5 days
Judge: HardlyDifficult
Total Solo HM: 4
Id: 136
League: ETH
Rank: 42/99
Findings: 2
Award: $95.18
🌟 Selected for report: 0
🚀 Solo Findings: 0
🌟 Selected for report: hyh
Also found by: 0x29A, 0xNineDec, 0xf15ers, 0xkowloon, GreyArt, IllIllI, KIntern, Kenshin, Lambda, WatchPug, Wayne, berndartmueller, byterocket, cccz, codexploder, horsefacts, kenzo, obront, obtarian, oyc_109, peritoflores, rajatbeladiya, rfa, saian, unforgiven, zer0dot
11.084 USDC - $11.08
https://github.com/infinitydotxyz/exchange-contracts-v2/blob/main/contracts/core/InfinityExchange.sol#L1230
https://github.com/infinitydotxyz/exchange-contracts-v2/blob/main/contracts/core/InfinityExchange.sol#L326
https://github.com/code-423n4/2022-06-infinity/blob/main/contracts/staking/InfinityStaker.sol#L346
https://github.com/code-423n4/2022-06-infinity/blob/main/contracts/staking/InfinityStaker.sol#L55
The functions rescueETH(address) in the InfinityExchange and InfinityStaker contracts are intended to send all ETH held in the contract to the address given as function argument.
However, the function implementations differ from the specification in that they only forward the ETH sent in the call's msg.value.
The impact is HIGH because ETH held in the contracts cannot be withdrawn/rescued, leading to a loss of all ETH held in the contract.
As the contracts implement a fallback and a receive function, the contracts are definitely able to receive ETH.
Refactor the rescueETH functions to something like:
function rescueETH(address to) external onlyOwner {
    // Forward the contract's whole ETH balance, not msg.value
    uint balance = address(this).balance;
    (bool sent, ) = to.call{value: balance}('');
    require(sent, 'failed');
}
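The difference between forwarding msg.value and forwarding the contract balance, as an added example that is not part of the original submission or the project's code. The contract names (Owned, RescueAsDescribed, RescueWholeBalance, Sink, RescueCheck) and the pragma are assumptions, and RescueAsDescribed models only the behaviour the finding describes.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Constructed for illustration; contract names are hypothetical, not the project's code.
abstract contract Owned {
    address internal immutable owner = msg.sender;
    modifier onlyOwner() {
        require(msg.sender == owner, "not owner");
        _;
    }
    receive() external payable {}
}

contract RescueAsDescribed is Owned {
    // Behaviour the finding describes: only the ETH attached to this call is forwarded.
    function rescueETH(address destination) external payable onlyOwner {
        (bool sent, ) = destination.call{value: msg.value}("");
        require(sent, "failed");
    }
}

contract RescueWholeBalance is Owned {
    // Suggested behaviour: forward everything the contract holds.
    function rescueETH(address destination) external onlyOwner {
        (bool sent, ) = destination.call{value: address(this).balance}("");
        require(sent, "failed");
    }
}

contract Sink {
    receive() external payable {}
}

contract RescueCheck {
    // Call with exactly 2 wei; reverts if either contract behaves differently than stated.
    function run() external payable {
        require(msg.value == 2, "send 2 wei");
        RescueAsDescribed a = new RescueAsDescribed();
        RescueWholeBalance b = new RescueWholeBalance();
        address sink = address(new Sink());
        (bool okA, ) = address(a).call{value: 1}("");
        (bool okB, ) = address(b).call{value: 1}("");
        require(okA && okB, "funding failed");

        a.rescueETH(sink); // owner call with msg.value == 0
        require(address(a).balance == 1 && sink.balance == 0, "expected ETH to stay stuck");

        b.rescueETH(sink);
        require(address(b).balance == 0 && sink.balance == 1, "expected full sweep");
    }
}
```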
#0 - nneverlander
2022-06-22T11:43:02Z
Duplicate.
#1 - nneverlander
2022-07-05T11:41:18Z
#2 - HardlyDifficult
2022-07-09T16:40:31Z
🌟 Selected for report: horsefacts
Also found by: 0x29A, GimelSec, GreyArt, Lambda, Ruhum, antonttc, berndartmueller, byterocket, cccz, codexploder, dipp, oyc_109, unforgiven
https://github.com/code-423n4/2022-06-infinity/blob/main/contracts/core/InfinityExchange.sol#L326
https://github.com/code-423n4/2022-06-infinity/blob/main/contracts/core/InfinityExchange.sol#L362
Users executing a maker order to buy an NFT can lose ETH when using the takeOrders() or takeMultipleOneOrders() functions.
This is due to a require statement checking that msg.value >= totalPrice.
This leads to the possibility for a user to accidentally overpay for an NFT, without possibility to receive the overpaid ETH amount back.
The impact is MEDIUM as this issue can lead to a loss of funds for users.
Refactor the require statements to check that the exact amount of ETH for the trade was sent, i.e.
require(msg.value == totalPrice, "invalid total price");
#0 - KenzoAgada
2022-06-21T12:22:35Z
Duplicate of #244
#1 - nneverlander
2022-06-23T12:28:44Z
Duplicate
#2 - HardlyDifficult
2022-07-10T12:40:40Z