Closed code423n4 closed 1 year ago
141345 marked the issue as primary issue
Keref marked the issue as sponsor disputed
POC shows that depositing ETH in a non ETH pool reverts, which is expected. When depositing ETH in a ETH pool, bc underlying ETH is converted to WETH by uniswap, the token address passed should be WETH.
gzeon-c4 marked the issue as unsatisfactory: Invalid
Lines of code
https://github.com/code-423n4/2023-08-goodentry/blob/main/contracts/GeVault.sol#L247-L284
Vulnerability details
Impact
When a user deposits funds, the deposit function requires an argument namely, the address of the token with which to fund the transaction.
If the GeVault has two tokens of for example: USDC/DAI. Line 251 expects the function argument to be the address of one of those. However according to lines 255 and 256, if there is a
msg.value
it means the user desires to deposit ETH into the vault, and the function argument needs to be the valid WETH address.Thus if one of the Vault tokens is not WETH, the two checks work against each other and the call will always revert when depositing ETH.
The check is done within the deposit function especially lines 251 and 255,256. line 251:
lines 255,256:
Proof of Concept
I created a miniGeVault contract in order to have the deposit functionality isolated, to make an easy PoC to run in foundry.
(Copy/paste into miniGeVault.sol)
(Copy/paste into GeVault.t.sol)
To run the test:
forge test -vv --match-contract GeVaultTest
The output will be :
Tools Used
Recommended Mitigation Steps
It can be considered to change the checks on line 261 to be:
Assessed type
Payable