Users may choose to use the doMultipleTransactions in order to chain together multiple interactions with the protocol however, because ETH has no decimals function, the function will revert mid transaction. This could especially be impactful if external automated applications rely on the Ocean contract resulting in a case where ETH tokens attempting to be wrapped along with other complicated strategies in the form of interactions could revert.
Proof of Concept
The proof of concept below outlines this scenario:
I recommend creating a special interaction execution method in _executeInteraction for wrapping ETH or handling ETH tokens appropriately in the _erc20Wrap function. Alternatively, the cause of wrapping ETH could also be handled in the for loop similarly to what is done in _doInteraction.
Lines of code
https://github.com/code-423n4/2023-11-shellprotocol/blob/main/src/ocean/Ocean.sol#L474-L541
Vulnerability details
Impact
Users may choose to use the doMultipleTransactions in order to chain together multiple interactions with the protocol however, because ETH has no decimals function, the function will revert mid transaction. This could especially be impactful if external automated applications rely on the Ocean contract resulting in a case where ETH tokens attempting to be wrapped along with other complicated strategies in the form of interactions could revert.
Proof of Concept
The proof of concept below outlines this scenario:
Tools Used
Manual Review
Recommended Mitigation Steps
I recommend creating a special interaction execution method in
_executeInteraction
for wrapping ETH or handling ETH tokens appropriately in the_erc20Wrap
function. Alternatively, the cause of wrapping ETH could also be handled in the for loop similarly to what is done in_doInteraction
.Assessed type
Error