Closed code423n4 closed 1 year ago
WETH as token
QA might be more appropriate.
141345 marked the issue as duplicate of #493
gzeon-c4 marked the issue as unsatisfactory: Invalid
POC shows that depositing ETH in a non ETH pool reverts, which is expected. When depositing ETH in a ETH pool, bc underlying ETH is converted to WETH by uniswap, the token address passed should be WETH.
From sponsors comment on #570 it is expected that the address passed to deposit
should be either WETH or token0 or token1.
But looking closely at deposit there is no way WETH
would pass the first validation at L#251.
This would create an unreachable code from L#255-L#260 when the address is WETH
because it would revert early.
I believe you are referring to this sponsor comment
a WETH pool would have either token0 or token1 as WETH
Lines of code
https://github.com/code-423n4/2023-08-goodentry/blob/main/contracts/GeVault.sol#L251
Vulnerability details
Impact
deposits to WETH would revert
Proof of Concept
In
GeVault.deposit
validates thatrequire(token == address(token0) || token == address(token1), "GEV: Invalid Token");
but fails to include the case that token address could also beWETH
This implies that any call to deposit with WETH as the token address would revert. https://github.com/code-423n4/2023-08-goodentry/blob/main/contracts/GeVault.sol#L251You can see that
WETH
address won't pass the first check but it's require subsequently with the function.Tools Used
Manual Review
Recommended Mitigation Steps
WETH
address should be included within the first checkAssessed type
Invalid Validation