code-423n4 / 2021-12-amun-findings


Wrapped native token is assumed as the `INTERMEDIATE_TOKEN` #190

Open code423n4 opened 2 years ago

code423n4 commented 2 years ago

Handle

cmichel

Vulnerability details

The `EthSingleTokenJoin` contract (and the other similar join contracts) allows any `_INTERMEDIATE_TOKEN` to be set by the constructor, but the code only works if it's the wrapped native token (WETH or equivalent for other chains) due to the calls to `.withdraw` and the fallback function, which is assumed to deposit.

Impact

The contract will not fail early if a wrong `INTERMEDIATE_TOKEN` is set; it'll only be noticeable later when the actual `joinTokenEth` function is called.

Recommended Mitigation Steps

Hardcode the wrapped native token address based on the chain id.
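
One way to apply the recommended mitigation, as an added example that is not code from the audited repository: the wrapped native token is resolved from `block.chainid` in the constructor, so a deployment to an unlisted chain reverts immediately. The contract and function names, the `^0.8.0` pragma, and the chain list (Ethereum mainnet WETH9 only) are assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Minimal WETH9-style interface: the calls a join contract needs to wrap and unwrap.
interface IWrappedNative {
    function deposit() external payable;
    function withdraw(uint256 amount) external;
}

// Hypothetical base contract (name and layout are assumptions, not the project's code).
abstract contract WrappedNativeIntermediate {
    // No constructor argument: the token cannot be misconfigured by the deployer.
    IWrappedNative public immutable INTERMEDIATE_TOKEN;

    constructor() {
        address token = _wrappedNativeFor(block.chainid);
        // Fail at deployment time instead of at the first join call.
        require(token != address(0), "unsupported chain id");
        INTERMEDIATE_TOKEN = IWrappedNative(token);
    }

    // One branch per supported chain; only Ethereum mainnet is listed here.
    function _wrappedNativeFor(uint256 chainId) private pure returns (address) {
        if (chainId == 1) {
            return 0xC02aaA39b223FE8D0A0e5C4F27eAD9083C756Cc2; // WETH9 on Ethereum mainnet
        }
        return address(0); // unknown chain: the constructor reverts
    }

    // Wrap native currency through the explicit deposit() call
    // rather than relying on the token's fallback behaviour.
    function _wrap(uint256 amount) internal {
        INTERMEDIATE_TOKEN.deposit{value: amount}();
    }

    function _unwrap(uint256 amount) internal {
        INTERMEDIATE_TOKEN.withdraw(amount);
    }

    // withdraw() sends native currency back to this contract; accept it only from the token.
    receive() external payable {
        require(msg.sender == address(INTERMEDIATE_TOKEN), "only wrapped native");
    }
}
```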