Platform: Code4rena
Start Date: 11/11/2022
Pot Size: $36,500 USDC
Total HM: 5
Participants: 62
Period: 3 days
Judge: berndartmueller
Id: 181
League: ETH
Rank: 34/62
Findings: 1
Award: $66.81
🌟 Selected for report: 0
🚀 Solo Findings: 0
🌟 Selected for report: rotcivegaf
Also found by: 0x4non, 0xDecorativePineapple, 9svR6w, Trust, V_B, adriro, ajtra, aviggiano, brgltd, carlitox477, chaduke, codexploder, corerouter, joestakey, ladboy233, s3cunda, saian, wait
66.8068 USDC - $66.81
https://github.com/code-423n4/2022-11-non-fungible/blob/main/contracts/Exchange.sol#L215
If caller calling the execute function is a contract then it is possible that contract is not refunded the excess ETH passed. This happens since the return value for call is not validated
execute function which post execution calls _returnDust functionfunction execute(Input calldata sell, Input calldata buy) external payable whenOpen setupExecution { _execute(sell, buy); _returnDust(); }
callStatus is not validated and even if the call fails then also _returnDust will pass (User wont get any amount)function _returnDust() private { uint256 _remainingETH = remainingETH; assembly { if gt(_remainingETH, 0) { let callStatus := call( gas(), caller(), selfbalance(), 0, 0, 0, 0 ) } } }
In _returnDust function check that callStatus is true
#0 - c4-judge
2022-11-16T11:57:21Z
berndartmueller marked the issue as duplicate of #90
#1 - c4-judge
2022-11-16T11:57:25Z
berndartmueller marked the issue as satisfactory