FixedPricePassThruGate: Excess funds sent via passThruGate will be permanently locked #105
Labels
- 3 (High Risk): Assets can be stolen/lost/compromised directly
- bug: Something isn't working
- duplicate: This issue or pull request already exists
Lines of code
https://github.com/code-423n4/2022-05-factorydao/blob/db415804c06143d8af6880bc4cda7222e5463c0e/contracts/FixedPricePassThruGate.sol#L48
https://github.com/code-423n4/2022-05-factorydao/blob/db415804c06143d8af6880bc4cda7222e5463c0e/contracts/FixedPricePassThruGate.sol#L53
Vulnerability details
Details & Impact
If msg.value exceeds gate.ethCost, the difference remains permanently stuck in the price gate because the call to the beneficiary is only gate.ethCost.
Recommended Mitigation Steps
Just like the speedBumpGate, the call to the beneficiary should be msg.value instead of gate.ethCost.
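The reported behaviour next to the recommended mitigation, as an added Solidity sketch; it is a constructed, simplified model and not the FactoryDAO contract's own code. The contract name, the Gate struct layout, addGate(), the function names with the AsReported/Mitigated suffixes and the require() messages are assumptions for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.9;

// Constructed, simplified model of a fixed-price gate; not the FactoryDAO source.
// Struct layout, addGate() and the revert strings are assumptions.
contract FixedPriceGateSketch {
    struct Gate {
        uint256 ethCost;      // price the caller must pay
        address beneficiary;  // receiver of the payment
    }

    Gate[] public gates;

    function addGate(uint256 ethCost, address beneficiary) external {
        gates.push(Gate(ethCost, beneficiary));
    }

    // Behaviour described in the report: overpayment is accepted, but only
    // gate.ethCost is forwarded. The remainder (msg.value - gate.ethCost)
    // stays in this contract, and this sketch has no function that can
    // move it out again.
    function passThruGateAsReported(uint256 index) external payable {
        Gate memory gate = gates[index];
        require(msg.value >= gate.ethCost, "Please send more ETH");
        (bool sent, ) = gate.beneficiary.call{value: gate.ethCost}("");
        require(sent, "ETH transfer failed");
    }

    // Recommended mitigation from the report: forward msg.value, so the
    // contract's balance is the same after the call as before it and
    // nothing can accumulate here.
    function passThruGateMitigated(uint256 index) external payable {
        Gate memory gate = gates[index];
        require(msg.value >= gate.ethCost, "Please send more ETH");
        (bool sent, ) = gate.beneficiary.call{value: msg.value}("");
        require(sent, "ETH transfer failed");
    }
}
```

A regression test for the fix can assert that address(gate).balance is unchanged after a call that sends more than ethCost.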