code-423n4 / 2022-01-livepeer-findings


double call address(this).balance in function `withdrawETHToL1Migrator` #191

Closed code423n4 closed 2 years ago

code423n4 commented 2 years ago

Handle

Tomio

Vulnerability details

Impact

Expensive gas

Proof of Concept

https://github.com/livepeer/protocol/blob/20e7ebb86cdb4fe9285bf5fea02eb603e5d48805/contracts/token/BridgeMinter.sol#L90

Tools Used

Remix

Recommended Mitigation Steps

Calling `balance` instead of `address(this).balance` can save gas:

function withdrawETHToL1Migrator() external onlyL1Migrator returns (uint256) {
    uint256 balance = address(this).balance;

    // call() should be safe from re-entrancy here because the L1Migrator and l1MigratorAddr are trusted
    (bool ok, ) = l1MigratorAddr.call.value(balance)("");
    require(ok, "BridgeMinter#withdrawETHToL1Migrator: FAIL_CALL");

    return balance;
}

yondonfu commented 2 years ago

Duplicate of https://github.com/code-423n4/2022-01-livepeer-findings/issues/135