Lines of code
https://github.com/code-423n4/2022-05-sturdy/blob/78f51a7a74ebe8adfd055bdbaedfddc05632566f/smart-contracts/LidoVault.sol#L140
Vulnerability details
Impact
On lines 140 and 141 a low-level transfer is performed, but the function returns first and only afterwards checks with the require whether the transfer was done correctly. This can cause many problems, since the transaction may not be carried out and a message may still be returned as if it had been carried out correctly.
Recommended Mitigation Steps
You must first perform the validation (line 140) and then perform the return (line 141)
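The ordering problem described above, shown as an added example in Solidity. This is not the code from LidoVault.sol: the contract, function names and error string are hypothetical, and access control and balance accounting are omitted to keep the focus on statement order.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Hypothetical contract for illustration only (names are not from LidoVault.sol).
contract WithdrawOrdering {
    // Flawed ordering: the return ends execution, so the require below it is
    // unreachable. A failed low-level call (sent == false) does not revert,
    // and the caller still receives `amount` as if the ETH had been delivered.
    function withdrawReturnBeforeCheck(address payable to, uint256 amount)
        external
        returns (uint256)
    {
        (bool sent, ) = to.call{value: amount}("");
        return amount;
        require(sent, "ETH transfer failed"); // never executed
    }

    // Corrected ordering: validate the result of the low-level call first,
    // so a failed transfer reverts the whole transaction, then return.
    function withdrawCheckBeforeReturn(address payable to, uint256 amount)
        external
        returns (uint256)
    {
        (bool sent, ) = to.call{value: amount}("");
        require(sent, "ETH transfer failed");
        return amount;
    }

    // Lets the example contract hold ETH for the two functions above.
    receive() external payable {}
}
```

The Solidity compiler reports an "Unreachable code" warning for the first function, which makes compiler warnings a cheap check for this pattern during review.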