Closed c4-bot-9 closed 9 months ago
raymondfam marked the issue as insufficient quality report
raymondfam marked the issue as primary issue
No dust is entailed with the correct event emitted as intended.
0xA5DF marked the issue as unsatisfactory: Invalid
Lines of code
https://github.com/code-423n4/2023-11-shellprotocol/blob/485de7383cdf88284ee6bcf2926fb7c19e9fb257/src/ocean/Ocean.sol#L983
Vulnerability details
Impact
The _etherUnwrap function in the smart contract does not correctly emit the EtherUnwrap event. The issue arises when calculating and emitting the fee and transfer amounts. The current implementation deducts the fee, transfers the calculated amount, and emits the event with the transferAmount,feeCharged and user address resulting in an inaccurate representation of the unwrapping process since fees decucted is sent as a wrapped token and still unwrapped.
Proof of Concept
Tools Used
Manual
Recommended Mitigation Steps
The function should unwrap only the remaining amount once fee is charged since its the only one that is transferred after unwrapping
Replace this line of code
with this one
Assessed type
Context