Every ETH that wasn't received by "receive() external payable" from "INTERMEDIATE_TOKEN" by calling "withdraw()" cannot be withdrawn. Because in the contract we only transfer INTERMEDIATE_TOKEN.balanceOf(address(this)) and not the ETH balance of the contract, that also could be sent accidentally.
Handle
GiveMeTestEther
Vulnerability details
Impact
Every ETH that wasn't received by "receive() external payable" from "INTERMEDIATE_TOKEN" by calling "withdraw()" cannot be withdrawn. Because in the contract we only transfer INTERMEDIATE_TOKEN.balanceOf(address(this)) and not the ETH balance of the contract, that also could be sent accidentally.
Proof of Concept
2021-12-amun\contracts\basket\contracts\singleJoinExit\EthSingleTokenJoin.sol: receive() external payable {} 2021-12-amun\contracts\basket\contracts\singleJoinExit\EthSingleTokenJoinV2.sol: receive() external payable {} 2021-12-amun\contracts\basket\contracts\singleJoinExit\SingleNativeTokenExit.sol: receive() external payable {} 2021-12-amun\contracts\basket\contracts\singleJoinExit\SingleNativeTokenExitV2.sol: receive() external payable {}
Tools Used
Manual Analysis
Recommended Mitigation Steps