4 matches found
nonReentrant modifier is not added to all functions that generate state changes, there is a possibility of re-entry.
Lines of code Vulnerability details Impact Detailed description of the impact of this finding. I noticed that the nonReentrant modifier only adds some of the functions that generate state changes to the InfinityExchange.sol contract, which provides the feasibility of reentrancy between multiple...
User may lose funds if msg.value > totalPrice
Lines of code InfinityExchange.solL300-L328 InfinityExchange.solL336-L364 Vulnerability details Impact When using InfinityExchange.sol:takeMultipleOneOrders or InfinityExchange.sol:takeOrders, if currency == address0 and a user has a msg.value totalPrice the overspent ETH is left in the contract...
_transferNFTs() functions doesn't reverts if the transfer item doesn't supports interface for both ERC721 and ERC1155
Lines of code Vulnerability details Impact The transferNFTs function use ERC165 to check if the itemnft supports ERC721 interface or ERC1155 interface and execute transfer accordingly. But if it doesn't supports either, it just exits the functionno revert. Proof of Concept in...
Ether can get lock on functions takeMultipleOneOrders and takeOrders
Lines of code Vulnerability details Impact Ether send by the user cang gets locks when taking order/s Proof of Concept If Bob use function takeMultipleOneOrders or takeOrders to buy and sends more ETH that it supposes to remaing ETH will be lost, also if the seller is selling for other token and...