buyAndSwap1155WETH Does Not Work As Intended #45
Labels
2 (Med Risk): Assets not at direct risk, but function/availability of the protocol could be impacted or leak value
bug: Something isn't working
resolved: Finding has been patched by sponsor (sponsor pls link to PR containing fix)
sponsor confirmed: Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity")
Handle
leastwood
Vulnerability details
Impact
The `buyAndSwap1155WETH` function in `NFTXMarketplaceZap` aims to facilitate buying and swapping `ERC1155` tokens within a single transaction. The function expects to transfer `WETH` tokens from the `msg.sender` account and use these tokens to purchase vault tokens. However, the `_buyVaultToken` call in `buyAndSwap1155WETH` actually uses `msg.value` and not `maxWethIn`. As a result, the function will not work unless the user supplies both `WETH` and native `ETH` amounts, each equivalent to the `maxWethIn` amount.

Proof of Concept
https://github.com/code-423n4/2021-12-nftx/blob/main/nftx-protocol-v2/contracts/solidity/NFTXMarketplaceZap.sol#L284-L314
Tools Used
Manual code review.
Discussions with Kiwi.
Recommended Mitigation Steps
Consider updating the `buyAndSwap1155WETH` function such that the following line of code is used instead of this.
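To make the failure mode concrete, here is an added, simplified illustration of the defective pattern beside its corrected form. It is not NFTX's code: the contract, the `_buyVaultToken` stand-in (which assumes a 1:1 WETH-to-vault-token price) and the function names `buyWithWETH_bug` / `buyWithWETH_fixed` are all hypothetical, and only the `msg.value` versus `maxWethIn` budgeting mirrors the finding.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Hypothetical, simplified contract illustrating the finding; not NFTXMarketplaceZap.
interface IERC20 {
    function transferFrom(address from, address to, uint256 amount) external returns (bool);
}

contract ZapBudgetExample {
    IERC20 public immutable WETH;

    constructor(IERC20 weth) {
        WETH = weth;
    }

    // Stand-in for the router purchase. Assumption for the example: one vault
    // token costs exactly one WETH, and the purchase fails when the budget
    // `maxIn` cannot cover `vaultTokensNeeded`.
    function _buyVaultToken(uint256 vaultTokensNeeded, uint256 maxIn)
        internal
        pure
        returns (uint256 spent)
    {
        spent = vaultTokensNeeded;
        require(spent <= maxIn, "budget too small");
    }

    // Defective pattern: WETH is pulled from the caller, but the purchase is
    // budgeted with msg.value. Unless the caller also attaches native ETH
    // (at least `count`), the budget is zero and the call reverts, even
    // though the caller's WETH has already been transferred in.
    function buyWithWETH_bug(uint256 count, uint256 maxWethIn)
        external
        payable
        returns (uint256 spent)
    {
        require(WETH.transferFrom(msg.sender, address(this), maxWethIn), "WETH pull failed");
        spent = _buyVaultToken(count, msg.value); // wrong budget source
    }

    // Corrected pattern: the budget is the WETH the caller approved and sent,
    // so no native ETH is needed and the function is not payable at all.
    function buyWithWETH_fixed(uint256 count, uint256 maxWethIn)
        external
        returns (uint256 spent)
    {
        require(WETH.transferFrom(msg.sender, address(this), maxWethIn), "WETH pull failed");
        spent = _buyVaultToken(count, maxWethIn); // budget matches the WETH pulled in
    }
}
```

Calling `buyWithWETH_bug(1, 1 ether)` with no `msg.value` reverts with "budget too small" after the WETH transfer, which is the double-funding requirement the finding describes; `buyWithWETH_fixed(1, 1 ether)` succeeds with the WETH alone. Making the corrected function non-payable also prevents native ETH from being sent to a WETH-only entry point by mistake.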