search

code-423n4 / 2022-06-infinity-findings

4 stars 0 forks source link

InfinityStaker::rescueETH wrong implementation #189

Closed code423n4 closed 2 years ago

code423n4 commented 2 years ago

Lines of code

https://github.com/code-423n4/2022-06-infinity/blob/main/contracts/staking/InfinityStaker.sol#L346

Vulnerability details

The rescue ETH function sends to the sender msg.value instead of address(this).balance.

Impact

Wrong implementation, ETH can't be rescued from the contract.

Proof of Concept

This is rescueETH function:

  function rescueETH(address destination) external payable onlyOwner {
    (bool sent, ) = destination.call{value: msg.value}('');
    require(sent, 'Failed to send Ether');
  }

Recommended Mitigation Steps

Send the contract's balance instead of msg.value.

nneverlander commented 2 years ago

https://github.com/code-423n4/2022-06-infinity-findings/issues/11

HardlyDifficult commented 2 years ago

Dupe https://github.com/code-423n4/2022-06-infinity-findings/issues/296