code-423n4 / 2022-05-cally-findings


Lido eth wrap can fail #253

Closed code423n4 closed 2 years ago

code423n4 commented 2 years ago

Lines of code

https://github.com/code-423n4/2022-05-sturdy/blob/78f51a7a74ebe8adfd055bdbaedfddc05632566f/smart-contracts/LidoVault.sol#L141-L142

Vulnerability details

Impact

Sending ETH to LIDO can fail, yet the function returns without checking the `sent` variable.

Proof of Concept

      (bool sent, bytes memory data) = address(_to).call{value: receivedETHAmount}('');
      return receivedETHAmount;
      require(sent, Errors.VT_COLLATERAL_WITHDRAW_INVALID);

Imagine that `sent` is false: the function will still return `receivedETHAmount`, but no ETH was actually received.

Tools Used

Manual review

Recommended Mitigation Steps

Change

      (bool sent, bytes memory data) = address(_to).call{value: receivedETHAmount}('');
      return receivedETHAmount;
      require(sent, Errors.VT_COLLATERAL_WITHDRAW_INVALID);

For

      (bool sent, bytes memory data) = address(_to).call{value: receivedETHAmount}('');
      require(sent, Errors.VT_COLLATERAL_WITHDRAW_INVALID);
      return receivedETHAmount;

outdoteth commented 2 years ago

I think this issue was submitted to the wrong contest
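The ordering problem reported in the finding, as an added example that is not part of the original issue and not code from the Sturdy or Cally repositories. `VaultBefore`, `VaultAfter`, `RejectingReceiver` and `Harness` are hypothetical stand-ins built to mirror the shape of the quoted snippet; the revert string replaces the project's `Errors.VT_COLLATERAL_WITHDRAW_INVALID` constant. It shows the `sent == false` case concretely: a receiver with no `receive`/`fallback` makes the low-level call fail, the unfixed vault still reports `receivedETHAmount` while its balance is untouched, and the fixed vault reverts.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.13;

// Added example, not project code. Names below are hypothetical.

contract VaultBefore {
    // Mirrors the reported ordering: the function returns before the result
    // of the low-level call is checked, so the `require` is dead code
    // (solc reports it as "Unreachable code").
    function withdraw(address _to, uint256 receivedETHAmount) external returns (uint256) {
        (bool sent, ) = address(_to).call{value: receivedETHAmount}("");
        return receivedETHAmount;
        require(sent, "VT_COLLATERAL_WITHDRAW_INVALID");
    }

    receive() external payable {}
}

contract VaultAfter {
    // Recommended ordering: revert when the transfer fails, then return.
    function withdraw(address _to, uint256 receivedETHAmount) external returns (uint256) {
        (bool sent, ) = address(_to).call{value: receivedETHAmount}("");
        require(sent, "VT_COLLATERAL_WITHDRAW_INVALID");
        return receivedETHAmount;
    }

    receive() external payable {}
}

// No payable receive/fallback: any ETH sent to it makes the call return false.
// This is the "sent is false" case from the finding.
contract RejectingReceiver {}

// Deploy with exactly 2 ether. Each vault is funded with 1 ether, then asked
// to withdraw 1 ether to the rejecting receiver.
contract Harness {
    VaultBefore public buggyVault;
    VaultAfter public safeVault;
    RejectingReceiver public sink;

    constructor() payable {
        require(msg.value == 2 ether, "fund with 2 ether");
        buggyVault = new VaultBefore();
        safeVault = new VaultAfter();
        sink = new RejectingReceiver();
        (bool ok1, ) = address(buggyVault).call{value: 1 ether}("");
        (bool ok2, ) = address(safeVault).call{value: 1 ether}("");
        require(ok1 && ok2, "funding failed");
    }

    // Returns (1 ether, 0): the caller is told 1 ether was withdrawn, but the
    // vault balance did not change because the transfer silently failed.
    function vulnerable() external returns (uint256 claimed, uint256 moved) {
        uint256 balanceBefore = address(buggyVault).balance;
        claimed = buggyVault.withdraw(address(sink), 1 ether);
        moved = balanceBefore - address(buggyVault).balance;
    }

    // Returns true: with the require placed before the return, the failed
    // transfer reverts with VT_COLLATERAL_WITHDRAW_INVALID.
    function hardened() external returns (bool reverted) {
        try safeVault.withdraw(address(sink), 1 ether) {
            reverted = false;
        } catch {
            reverted = true;
        }
    }
}
```

Deploying `Harness` with 2 ether and calling `vulnerable()` then `hardened()` reproduces both halves of the finding; any caller that trusts the return value of `VaultBefore.withdraw` (for example, to burn shares or release collateral) would do so against an ETH transfer that never happened.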