code-423n4 / 2023-01-numoen-findings


Locked Ether #248

Closed code423n4 closed 1 year ago

code423n4 commented 1 year ago

Lines of code

https://github.com/code-423n4/2023-01-numoen/blob/main/src/periphery/LendgineRouter.sol#L142
https://github.com/code-423n4/2023-01-numoen/blob/main/src/periphery/LendgineRouter.sol#L257

Vulnerability details

Description

Contract with a payable function, but without a withdrawal capacity.

Impact

Every Ether sent to LendgineRouter will be lost.

Proof of Concept

File: src/periphery/LendgineRouter.sol

142:   function mint(MintParams calldata params) external payable checkDeadline(params.deadline) returns (uint256 shares) {

257:   function burn(BurnParams calldata params) external payable checkDeadline(params.deadline) returns (uint256 amount) {

Recommended Mitigation Steps

Remove the payable attribute or add a withdraw function.

c4-judge commented 1 year ago

berndartmueller marked the issue as unsatisfactory: Invalid
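
Added example, not part of the original thread or the Numoen code base: a minimal Python heuristic for the finding class reported above (payable functions with no path for ETH to leave the contract). It also walks the inheritance list, because a refund or withdraw function may live in a parent contract. The Solidity source, contract names and helper names are constructed for illustration.

```python
import re

# Constructed Solidity source for illustration; not the Numoen contracts.
SAMPLE = """
contract Refunder {
    function refundETH() external payable {
        if (address(this).balance > 0) payable(msg.sender).transfer(address(this).balance);
    }
}
contract RouterA is Refunder {
    function mint(uint256 x) external payable returns (uint256) { return x; }
}
contract RouterB {
    function mint(uint256 x) external payable returns (uint256) { return x; }
}
"""

CONTRACT_RE = re.compile(r"\bcontract\s+(\w+)(?:\s+is\s+([\w\s,]+?))?\s*\{")
# 'payable' in the function header only (after the parameter list, before the body).
PAYABLE_FN_RE = re.compile(r"function\s+\w+\s*\([^)]*\)[^{;]*\bpayable\b")
# Constructs that can move ETH out. '.transfer(' also matches ERC-20 calls,
# so this heuristic can miss real cases; it is a triage aid, not a proof.
ETH_OUT_RE = re.compile(r"\.transfer\s*\(|\.send\s*\(|\.call\s*\{\s*value\s*:|selfdestruct\s*\(")

def parse_contracts(src):
    """Return {name: (parents, body)}, using brace matching to find each body."""
    out = {}
    for m in CONTRACT_RE.finditer(src):
        depth, i = 1, m.end()
        while i < len(src) and depth:
            depth += {"{": 1, "}": -1}.get(src[i], 0)
            i += 1
        parents = [p.strip() for p in (m.group(2) or "").split(",") if p.strip()]
        out[m.group(1)] = (parents, src[m.end():i])
    return out

def has_eth_out(name, contracts, seen=None):
    """True if the contract or any ancestor in the parsed source can send ETH."""
    seen = set() if seen is None else seen
    if name in seen or name not in contracts:  # unresolved parents count as "no"
        return False
    seen.add(name)
    parents, body = contracts[name]
    return bool(ETH_OUT_RE.search(body)) or any(has_eth_out(p, contracts, seen) for p in parents)

def locked_ether_candidates(src):
    """Contracts with a payable function and no ETH-out path in their hierarchy."""
    contracts = parse_contracts(src)
    return sorted(n for n, (_, body) in contracts.items()
                  if PAYABLE_FN_RE.search(body) and not has_eth_out(n, contracts))
```

Only `RouterB` is reported for the constructed sample; `RouterA` has the same payable `mint` but inherits an ETH-out path, which a check limited to a single file or contract body would miss.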