    function _sendFunds(address token, address to, uint256 amount) internal {
        executioner.sendFunds(token, to, amount);
        if (token == nativeToken) {
            wrappedNativeToken.withdraw(amount);
            (bool success, ) = to.call{value: amount}("");
            require(success, "Slingshot: ETH Transfer failed.");
        } else {
            IERC20(token).safeTransfer(to, amount);
        }
    }
Observe that this function calls the sendFunds function on executioner, which has the following definition:
    function sendFunds(address token, address to, uint256 amount) external onlyOwner {
        if (token == nativeToken) {
            wrappedNativeToken.withdraw(amount);
            (bool success, ) = to.call{value: amount}("");
            require(success, "Executioner: ETH Transfer failed.");
        } else {
            IERC20(token).safeTransfer(to, amount);
        }
    }
As we can see:
executioner.sendFunds(token, to, amount); - makes the fund transfer through executioner.sendFunds
IERC20(token).safeTransfer(to, amount); - transfers the funds again on line 176
Recommended Mitigation Steps
Since executioner.sendFunds(token, to, amount); is already called to perform the fund transfer, no further code is needed:
    function _sendFunds(address token, address to, uint256 amount) internal {
        executioner.sendFunds(token, to, amount);
    }
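The reported pattern and the recommended form can be compared with a balance check on the recipient. This is an added example, not code from the audited project: MockToken, MockExecutioner, MockSlingshot, PayoutInvariant and the recipient address are constructed stand-ins, and the native-token branch and onlyOwner check are left out.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Constructed token: only the balance bookkeeping the example needs.
contract MockToken {
    mapping(address => uint256) public balanceOf;
    function mint(address to, uint256 amount) external { balanceOf[to] += amount; }
    function transfer(address to, uint256 amount) external returns (bool) {
        require(balanceOf[msg.sender] >= amount, "insufficient balance");
        balanceOf[msg.sender] -= amount;
        balanceOf[to] += amount;
        return true;
    }
}

// Constructed stand-in for the executioner: pays out of its own balance.
contract MockExecutioner {
    function sendFunds(MockToken token, address to, uint256 amount) external {
        token.transfer(to, amount);
    }
}

contract MockSlingshot {
    MockExecutioner public executioner = new MockExecutioner();

    // Pattern as reported: delegate the payout, then transfer again locally.
    function sendFundsReported(MockToken token, address to, uint256 amount) external {
        executioner.sendFunds(token, to, amount);
        token.transfer(to, amount); // second payout, from this contract's balance
    }

    // Recommended form: the executioner performs the only transfer.
    function sendFundsMitigated(MockToken token, address to, uint256 amount) external {
        executioner.sendFunds(token, to, amount);
    }
}

contract PayoutInvariant {
    // Returns what the recipient actually received for a request of 100.
    function received(bool mitigated, bool slingshotFunded) external returns (uint256) {
        MockToken token = new MockToken();
        MockSlingshot s = new MockSlingshot();
        address to = address(0xBEEF); // constructed recipient
        token.mint(address(s.executioner()), 100);
        if (slingshotFunded) token.mint(address(s), 100);
        if (mitigated) s.sendFundsMitigated(token, to, 100);
        else s.sendFundsReported(token, to, 100);
        return token.balanceOf(to);
    }
}
```

With the mitigated form the recipient receives 100; with the reported pattern the recipient receives 200 when the Slingshot mock also holds the token, and the whole call reverts with "insufficient balance" when it does not. A regression test for the payout path can assert that the recipient's balance increases by exactly the requested amount.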
Handle
csanuragjain
Vulnerability details
Impact
This can cause financial loss, as funds are transferred twice due to duplicated code.
Proof of Concept