Fujicracy / fuji-v2

Cross-chain money market aggregator
https://fuji-v2-frontend.vercel.app

vaults: `Receive()` function is dangerous #324

Closed cvetanovv closed 1 year ago

cvetanovv commented 1 year ago

Summary

The receive function in YieldVault.sol may lead to locking up received ether from any user.

Vulnerability Detail

It is possible for any user to send ether to the YieldVault.sol contract through the receive function; this ether will be locked up forever because there is no function to return mistakenly sent ether.

Impact

Any unaware user may lose ether if sending it to the contract via the receive function.

Code Snippet

https://github.com/Fujicracy/fuji-v2/blob/main/packages/protocol/src/vaults/yield/YieldVault.sol#L56

56: receive() external payable {}

Recommendation

1) Remove the fallback receive function if it's not necessary.
2) Add an admin function to recover ETH that got stuck in the contract.

0xdcota commented 1 year ago

Wontdo: The receive function in the BorrowingVault and YieldVault is required for interacting with CompoundV2 cETH token market.
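As an added illustration, not fuji-v2's own code, of how the report and the maintainer's constraint can both be satisfied: the vault keeps a receive() so the Compound V2 cETH market can pay ETH back on redeem, but accepts ETH only from that contract (a direct send reverts instead of locking funds), and exposes the admin recovery path the report recommends. The ICEther interface, the owner role and all function names are assumptions made for this example.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;
// Added illustration, not fuji-v2 code. Assumes a hypothetical vault that
// redeems cETH (Compound V2) and must therefore accept ETH from the cETH
// contract, which is the reason the maintainer gives for keeping receive().
interface ICEther {
    function redeem(uint256 redeemTokens) external returns (uint256);
}

contract GuardedReceiveVault {
    address public immutable owner; // hypothetical admin role
    ICEther public immutable cETH;  // hypothetical cETH market address

    constructor(ICEther cETH_) {
        owner = msg.sender;
        cETH = cETH_;
    }

    modifier onlyOwner() {
        require(msg.sender == owner, "not owner");
        _;
    }

    // Form reported in the issue (for comparison):
    //   receive() external payable {}
    // Hardened form: only the cETH market may push ETH here. Keep the body
    // cheap; CEther pays out with transfer(), i.e. a 2300 gas stipend, and
    // an immutable compare plus revert fits comfortably within it.
    receive() external payable {
        require(msg.sender == address(cETH), "direct ETH not accepted");
    }

    // cETH.redeem() returns 0 on success and sends ETH to the caller, which
    // is why the contract needs a receive() at all.
    function redeemCEther(uint256 cTokens) external onlyOwner returns (uint256) {
        uint256 err = cETH.redeem(cTokens);
        require(err == 0, "redeem failed");
        return address(this).balance;
    }

    // Second recommendation from the issue: an admin path to recover ETH
    // that still lands here (e.g. via selfdestruct, which no receive() can
    // refuse) instead of leaving it locked forever.
    function sweepETH(address payable to) external onlyOwner {
        uint256 amount = address(this).balance;
        (bool ok, ) = to.call{value: amount}("");
        require(ok, "transfer failed");
    }
}
```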