16 matches found

Code423n4, added 2022/07/14, 9 views

Upgraded Q -> H from 19 [1657761554720]

Judge has assessed an item in Issue 129 as High risk. The relevant finding follows: InfinityExchange.sol L326 and InfinityExchange.sol L362: When a user pays too much ETH, the additional cost is not reimbursed, in contrast to ERC20 transfers, where this is not possible. Consider reimbursing the user li...

AI score: 6.8, Exploits: 0
Code423n4, added 2022/07/11, 9 views

Upgraded Q -> M from 270 [1657580410834]

Judge has assessed an item in Issue 270 as Medium risk. The relevant finding follows: 6.L- Admin config ProtocolFee and gasFee missing max amount check, which can be used to take funds from users. With PROTOCOLFEEBPS 10000 more than 100%, the exchange can steal user WETH who might approve max WETH...

AI score: 7.1, Exploits: 0
Code423n4, added 2022/06/19, 9 views

Admin can set arbitrarily high WETH_TRANSFER_GAS_UNITS which is a fee

Lines of code Vulnerability details Impact Users can lose their funds by attack from the admins. Poc In the function updateWethTranferGas (InfinityExchange.sol) there is no limit for setting WETHTRANSFERGASUNITS. As this is a kind of fee paid by the buyers to the contract, by definition of the...

AI score: 6.8, Exploits: 0
Code423n4, added 2022/06/19, 6 views

ETH mistakenly sent over with ERC20 based takeOrders and takeMultipleOneOrders calls will be lost

Lines of code Vulnerability details takeOrders and takeMultipleOneOrders are the main user-facing functionality of the protocol. Both require the currency to be fixed for the call and can have it either as an ERC20 token or ETH. This way, the probability of a user sending over ETH with the call whos...

AI score: 6.7, Exploits: 0
Code423n4, added 2022/06/19, 10 views

NO TIMELOCK ON setProtocolFee() CAN LEAD TO SELLERS LOSING THEIR NFTs

Lines of code Vulnerability details NO TIMELOCK ON setProtocolFee CAN LEAD TO SELLERS LOSING THEIR NFTs In InfinityExchange.sol, there is no timelock on setProtocolFee. This is the fee that is applied in orders, and determines how much the Exchange receives in fees vs how much the seller receives...

AI score: 6.6, Exploits: 0
Code423n4, added 2022/06/19, 10 views

Owner cannot transfer ETH balance of the exchange

Lines of code Vulnerability details The user-called takeOrders and takeMultipleOneOrders functions accumulate native token fees over time. These fees end up being frozen on the contract balance. There is only one way for an owner to transfer them, a rescueETH function, that isn't able to access ETH...

AI score: 6.7, Exploits: 0
Code423n4, added 2022/06/19, 5 views

The owner can set arbitrarily high fees

Lines of code Vulnerability details Impact The owner of the InfinityExchange contract can set arbitrarily big fees, and could steal funds from the seller. Proof of Concept When an order is executed, the payment and the transfer from buyer to seller and vice versa are done by the transferNFTsAndFees function, which...

AI score: 6.8, Exploits: 0
Code423n4, added 2022/06/19, 8 views

Overpaying ETH in InfinityExchange

Lines of code Vulnerability details Impact A user of the InfinityExchange contract can accidentally send more ETH than needed without the possibility to get the overpaid amount refunded. Proof of Concept `if (isMakerSeller && currency == address(0)) require(msg.value >= totalPrice, 'invalid total price')`...

AI score: 6.9, Exploits: 0
Code423n4, added 2022/06/19, 12 views

Accumulated ETH fees of InfinityExchange cannot be retrieved

Lines of code Vulnerability details ETH fees accumulated from takeOrders and takeMultipleOneOrders operations are permanently frozen within the contract as there is only one way designed to retrieve them, a rescueETH function, and it will work as intended, not being able to access ETH balance of...

AI score: 6.7, Exploits: 0
Code423n4, added 2022/06/19, 6 views

matchOneToManyOrders doesn't consider numItems of the orders

Lines of code Vulnerability details Impact An order can specify a numItems in MakerOrder.constraints[0]. This number is the min/max number of items the order wants to buy/sell. For example, a buy order can provide a list of NFTs and say that it wants to buy only 3 of them from that list. The function...

AI score: 6.9, Exploits: 0
Code423n4, added 2022/06/19, 23 views

rescueETH function doesn't work as expected

Lines of code Vulnerability details Impact The rescueETH function is implemented to collect any unexpected ETH transferred to the InfinityExchange.sol contract, but this function will not work as expected. The function is supposed to return the ETH from the contract to the specified destination...

AI score: 6.9, Exploits: 0
Code423n4, added 2022/06/19, 14 views

InfinityExchange owner can grief with high fees

Lines of code Vulnerability details Impact The owner of the InfinityExchange contract can set any high fee values for PROTOCOLFEEBPS via the InfinityExchange.setProtocolFee function. The fee value should be limited to a maximum of 10000. If set to higher values and due to the usage across functio...

AI score: 6.7, Exploits: 0
Code423n4, added 2022/06/19, 14 views

Owner can grief with high gas units

Lines of code Vulnerability details Impact The owner of the InfinityExchange contract can frontrun sellers/buyers, e.g. the InfinityExchange.matchOneToOneOrders and InfinityExchange.matchOneToManyOrders functions, and set arbitrarily high gas units with updateWethTranferGas, which can either cause an...

AI score: 7, Exploits: 0
Code423n4, added 2022/06/19, 15 views

rescueEth does not transfer ether in contract

Lines of code Vulnerability details Impact The InfinityStaker.rescueETH and InfinityExchange.rescueETH payable functions send msg.value to the destination and not the ether in the contract, so the fees and accidentally transferred ether are not sent to the destination address. Proof of Concept...

AI score: 6.9, Exploits: 0
Code423n4, added 2022/06/19, 10 views

Rescue ETH at InfinityExchange.sol is incorrectly implemented

Lines of code Vulnerability details Impact Admins are unable to recover any ETH locked in the contract. PoC The function rescueETH (InfinityExchange.sol) is incorrectly implemented. It is using msg.value instead of the balance of the contract: `function rescueETH(address destination) external payable`...

AI score: 6.9, Exploits: 0
Code423n4, added 2022/06/19, 9 views

Buyer may not agree on gasCost

Lines of code Vulnerability details Impact Gas cost when matching orders is paid by the buyer. Since buyers don't have control over order execution, they may spend more gas than they are willing to. Examples: periods of high gasPrice, or if NFTs for some reason consume an extra amount of gas...

AI score: 6.9, Exploits: 0