Infinity NFT Marketplace contest - obront's results
The world's most advanced NFT marketplace.
General Information
Platform: Code4rena
Start Date: 14/06/2022
Pot Size: $50,000 USDC
Total HM: 19
Participants: 99
Period: 5 days
Judge: HardlyDifficult
Total Solo HM: 4
Id: 136
League: ETH
Findings Distribution
Researcher Performance
Rank: 99/99
Findings: 1
Award: $11.08
🌟 Selected for report: 0
🚀 Solo Findings: 0
Findings Information
🌟 Selected for report: hyh
Also found by: 0x29A, 0xNineDec, 0xf15ers, 0xkowloon, GreyArt, IllIllI, KIntern, Kenshin, Lambda, WatchPug, Wayne, berndartmueller, byterocket, cccz, codexploder, horsefacts, kenzo, obront, obtarian, oyc_109, peritoflores, rajatbeladiya, rfa, saian, unforgiven, zer0dot
Awards
11.084 USDC - $11.08
Labels
External Links
Lines of code
Vulnerability details
Impact
The rescueETH() function does not have the ability to access any of the contract's Eth. As a result, any Eth sent to this contract outside of the normal staking functionality will be permanently lost.
Proof of Concept
Rather than sending the Eth from the contract to the destination address, the function forwards along the Eth sent to it via msg.value.
- If no value is sent, the function does nothing.
- If some value is sent, that value is passed along from the caller to the destination, without the contract's funds ever being touched.
Recommended Mitigation Steps
Replace {value: msg.value} on line 346 with {value: address(this).balance}.
#0 - nneverlander
2022-06-23T12:27:30Z
Duplicate
#1 - nneverlander
2022-07-05T12:37:45Z
#2 - HardlyDifficult
2022-07-09T17:00:02Z