code-423n4 / 2022-06-notional-coop-findings


Missing `receive()` or `fallback() payable` function as native token is expected from WETH #182

Closed code423n4 closed 2 years ago

code423n4 commented 2 years ago

Lines of code

https://github.com/code-423n4/2022-06-notional-coop/blob/6f8c325f604e2576e2fe257b6b57892ca181509a/notional-wrapped-fcash/contracts/wfCashLogic.sol#L70

Vulnerability details

The `receive()` or `fallback() payable` function is missing in the current implementation of `wfCashERC4626`; calling `WETH.withdraw()` will revert.

https://github.com/code-423n4/2022-06-notional-coop/blob/6f8c325f604e2576e2fe257b6b57892ca181509a/notional-wrapped-fcash/contracts/wfCashLogic.sol#L70

```solidity
WETH.withdraw(depositAmountExternal);
```

As a result, `_mintInternal()` when `isETH == true` will revert.

berndartmueller commented 2 years ago

Duplicate of #99

`receive()` function is implemented in `nBeaconProxy.sol#L9-L11`
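An added illustration, not part of the thread and not the project's code: why the location of `receive()` matters when logic runs behind a delegatecall proxy. `MockWETH`, `Logic` and `Proxy` are hypothetical, simplified contracts constructed for this example; `Proxy` is a plain delegating proxy, not `nBeaconProxy`.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Constructed WETH stand-in: withdraw() sends native ETH back to msg.sender.
contract MockWETH {
    mapping(address => uint256) public balanceOf;

    function deposit() external payable { balanceOf[msg.sender] += msg.value; }

    function withdraw(uint256 amount) external {
        balanceOf[msg.sender] -= amount;
        // Reverts when the caller has no receive() or payable fallback.
        payable(msg.sender).transfer(amount);
    }
}

// Hypothetical logic contract with no receive(). Called directly, unwrap() reverts.
contract Logic {
    function wrap(MockWETH weth) external payable { weth.deposit{value: msg.value}(); }

    function unwrap(MockWETH weth, uint256 amount) external { weth.withdraw(amount); }
}

// Hypothetical proxy (simplified, not nBeaconProxy): delegates calls to Logic.
contract Proxy {
    address private immutable logic;

    constructor(address logic_) { logic = logic_; }

    // WETH sees the proxy as msg.sender, so the ETH from withdraw() lands here.
    receive() external payable {}

    fallback() external payable {
        address impl = logic;
        assembly {
            calldatacopy(0, 0, calldatasize())
            let ok := delegatecall(gas(), impl, 0, calldatasize(), 0, 0)
            returndatacopy(0, 0, returndatasize())
            if iszero(ok) { revert(0, returndatasize()) }
            return(0, returndatasize())
        }
    }
}
```

Calling `wrap` then `unwrap` on `Logic` directly reverts at the ETH transfer, while the same two calls made through `Proxy` (cast to the `Logic` interface) succeed because the transfer reaches the proxy's `receive()`.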