Closed code423n4 closed 2 years ago
defsec
Native fund transfers into the basket contracts are only expected from the wrapped token contract. Hence, it would be good to restrict incoming fund transfers to prevent accidental native fund transfers from other sources.
https://github.com/code-423n4/2021-12-amun/blob/cf890dedf2e43ec787e8e5df65726316fda134a1/contracts/basket/contracts/singleJoinExit/SingleTokenJoinV2.sol#L19
// WETH or WAVAX ... IERC20 public immutable INTERMEDIATE_TOKEN;
None
receive() external payable { require(msg.sender == address(WETH) | msg.sender == address(WAVAX), 'only wrapped eth'); }
Duplicate of #253
0xleastwood
commented
2 years ago
Handle
defsec
Vulnerability details
Impact
Native fund transfers into the basket contracts are only expected from the wrapped token contract. Hence, it would be good to restrict incoming fund transfers to prevent accidental native fund transfers from other sources.
Proof of Concept
Tools Used
None
Recommended Mitigation Steps