code-423n4 / 2022-05-sturdy-findings


Return value of send of ether not checked in `_withdrawFromYieldPool` #156

Closed code423n4 closed 2 years ago

code423n4 commented 2 years ago

Lines of code

https://github.com/code-423n4/2022-05-sturdy/blob/78f51a7a74ebe8adfd055bdbaedfddc05632566f/smart-contracts/LidoVault.sol#L140-L142

Vulnerability details

Impact

A send of ether is done on LidoVault.sol:140. It is immediately followed by a return statement which will cause the function to return without checking the sent value on line 142. Line 142 is dead code.

The impact is that the _to address might not receive the ether yet the contract will not (correctly) revert.

Proof of Concept

See lines 140-142

Tools Used

Manual inspection

Recommended Mitigation Steps

Place the return statement following the require statement.

```solidity
(bool sent, bytes memory data) = address(_to).call{value: receivedETHAmount}('');
require(sent, Errors.VT_COLLATERAL_WITHDRAW_INVALID);
return receivedETHAmount;
```

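The following is an added, constructed illustration of the pattern the finding describes (not Sturdy's LidoVault source): a vault with the `return`-before-`require` ordering beside the corrected ordering, and a small harness that exercises both against a recipient that rejects ETH. The contract names `RejectingReceiver`, `VaultBefore`, `VaultAfter` and `Demo` are hypothetical, and `Errors.VT_COLLATERAL_WITHDRAW_INVALID` is replaced by a plain revert string so the file compiles on its own.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Constructed illustration of the finding; not Sturdy's LidoVault code.
// `Errors.VT_COLLATERAL_WITHDRAW_INVALID` is replaced by a plain revert string.

// A recipient that refuses ETH: exactly the case in which `sent` is false.
contract RejectingReceiver {
    receive() external payable { revert("no ETH accepted"); }
}

// Ordering described in the issue: `return` precedes `require`, so the check is dead code.
contract VaultBefore {
    receive() external payable {}
    function _withdrawFromYieldPool(address _to, uint256 receivedETHAmount) public returns (uint256) {
        (bool sent, ) = _to.call{value: receivedETHAmount}('');
        return receivedETHAmount;                          // reports success even when sent == false
        require(sent, "VT_COLLATERAL_WITHDRAW_INVALID");   // never executed; solc warns "Unreachable code"
    }
}

// Recommended ordering: check the call result first, then return.
contract VaultAfter {
    receive() external payable {}
    function _withdrawFromYieldPool(address _to, uint256 receivedETHAmount) public returns (uint256) {
        (bool sent, ) = _to.call{value: receivedETHAmount}('');
        require(sent, "VT_COLLATERAL_WITHDRAW_INVALID");   // failed transfer reverts the withdrawal
        return receivedETHAmount;
    }
}

// Minimal harness: deploy, then call check() with a little ETH (e.g. 2 wei) to fund both vaults.
contract Demo {
    VaultBefore public buggyVault = new VaultBefore();
    VaultAfter public fixedVault = new VaultAfter();
    RejectingReceiver public rejecter = new RejectingReceiver();

    // Sends 1 wei from each vault to the rejecting recipient. The buggy vault returns
    // normally although the recipient never received anything; the fixed vault reverts.
    function check() external payable returns (bool buggyReturnedNormally, bool fixedReverted) {
        payable(address(buggyVault)).transfer(msg.value / 2);
        payable(address(fixedVault)).transfer(msg.value / 2);
        uint256 ret = buggyVault._withdrawFromYieldPool(address(rejecter), 1 wei);
        buggyReturnedNormally = (ret == 1 wei);
        try fixedVault._withdrawFromYieldPool(address(rejecter), 1 wei) { fixedReverted = false; }
        catch { fixedReverted = true; }
    }
}
```

The compiler's "Unreachable code" warning on `VaultBefore` is the cheapest check for this class of bug; treating that warning as an error in CI catches the dead `require` before review.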
sforman2000 commented 2 years ago

Duplicate of https://github.com/code-423n4/2022-05-sturdy-findings/issues/157 (high risk)