Excess ETH is not returned to sender #195
Labels
3 (High Risk)
Assets can be stolen/lost/compromised directly
bug
Something isn't working
duplicate
This issue or pull request already exists
Lines of code
https://github.com/code-423n4/2022-05-factorydao/blob/db415804c06143d8af6880bc4cda7222e5463c0e/contracts/FixedPricePassThruGate.sol#L46-L56
Vulnerability details
Impact
In
passThruGate
function,msg.value
is checked to be greater than the required cost, but the excess amount is not returned to the sender.Proof of Concept
https://github.com/code-423n4/2022-05-factorydao/blob/db415804c06143d8af6880bc4cda7222e5463c0e/contracts/FixedPricePassThruGate.sol#L46-L56
https://github.com/code-423n4/2022-05-factorydao/blob/db415804c06143d8af6880bc4cda7222e5463c0e/contracts/SpeedBumpPriceGate.sol#L64-L82
Recommended Mitigation Steps
Return excess ETH to sender or make the require strict equal.
The text was updated successfully, but these errors were encountered: