code-423n4 / 2022-09-frax-findings


`frxETHToken` user was frozen in the contract, with loss of user funds. #299

Closed code423n4 closed 2 years ago

code423n4 commented 2 years ago

Lines of code

https://github.com/code-423n4/2022-09-frax/blob/55ea6b1ef3857a277e2f47d42029bc0f3d6f9173/src/frxETHMinter.sol#L78

https://github.com/code-423n4/2022-09-frax/blob/55ea6b1ef3857a277e2f47d42029bc0f3d6f9173/src/frxETHMinter.sol#L75

Vulnerability details

Impact

Any user who deposited frxETHToken was frozen in the contract, with loss of user funds.

Proof of Concept

On this line:

        uint256 sfrxeth_recieved = sfrxETHToken.deposit(msg.value, recipient);

frxETHToken was approved; if the approval succeeds, that would be generated into sfrxETH. On line 78, `sfrxeth_recieved` stores `sfrxETHToken.deposit` instead of `frxETHToken.deposit`. It may lead to a wrong return, since it should be frxETHToken into sfrxETHToken first.

This can lead to this scenario:

  1. Alice approves that she wants to deposit frxETHToken into sfrxETHToken.
  2. Alice wants to deposit frxETHToken (let's say 1 million frxETHToken).
  3. Alice can't get sfrxETHToken, since the contract can't generate how much frxETHToken was deposited into the sfrxETHToken address.
  4. Alice loses her funds.

Tools Used

Manual Review

Recommended Mitigation Steps

Recommend that the dev use `frxETHToken.deposit` to verify that users got their frxETHToken staked and got their sfrxETHToken in return.

FortisFortuna commented 2 years ago

Not sure how funds are at risk here. Can you please elaborate?

0xean commented 2 years ago

Closing as invalid and unclear on the exact issue here.