code-423n4 / 2022-09-frax-findings


Missing payable #375

Closed code423n4 closed 2 years ago

code423n4 commented 2 years ago

Lines of code

https://github.com/code-423n4/2022-09-frax/blob/main/src/frxETHMinter.sol#L85

Vulnerability details

Impact

The following functions are not payable but use msg.value - therefore the functions must be payable. This can lead to undesired behavior.

Proof of Concept

frxETHMinter.sol, _submit should use payable since it uses msg.value

Tools Used

Manual review

Recommended Mitigation Steps

Add the payable.

FortisFortuna commented 2 years ago

Internal functions cannot be payable
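
The pattern this thread turns on, as an added example that is not part of either comment and is not the frxETHMinter source: a payable external entry point forwards to an internal function that reads msg.value. The contract name, `submit`, `submitFor`, the storage layout and the event are hypothetical; only the `_submit` name comes from the report.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

/// Hypothetical sketch: names and logic are assumptions, not the audited contract.
contract MinterSketch {
    mapping(address => uint256) public credited;
    uint256 public totalReceived;

    event Submitted(address indexed sender, address indexed recipient, uint256 amount);

    /// External entry point: `payable` belongs here, where ETH enters the contract.
    function submit() external payable {
        _submit(msg.sender);
    }

    /// Second entry point sharing the same internal logic.
    function submitFor(address recipient) external payable {
        _submit(recipient);
    }

    /// Plain ETH transfers also route through the internal function.
    receive() external payable {
        _submit(msg.sender);
    }

    /// An internal call does not start a new message call, so msg.value here
    /// is still the value that was sent to the payable entry point.
    function _submit(address recipient) internal {
        require(msg.value != 0, "Cannot submit 0");
        credited[recipient] += msg.value;
        totalReceived += msg.value;
        emit Submitted(msg.sender, recipient, msg.value);
    }

    // Rejected by the 0.8 compiler: `payable` on an internal function.
    // function _bad(address recipient) internal payable { credited[recipient] += msg.value; }

    // Also rejected by the 0.8 compiler: msg.value in a non-payable external function.
    // function bad() external { credited[msg.sender] += msg.value; }
}
```

Because msg.value stays the same for the whole call, an entry point that invoked `_submit` more than once in a single transaction would credit the same ETH each time; that is the property worth reviewing when an internal function reads msg.value.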