code-423n4 / 2023-11-zetachain-findings


[M-03] INCORRECT FALLBACK FUNCTION in the WZETA contract #6

Closed c4-submissions closed 1 year ago

c4-submissions commented 1 year ago

Lines of code

https://github.com/code-423n4/2023-11-zetachain/blob/44c8dd426e829536850b5d42b3f0ade1ce29a23c/repos/protocol-contracts/contracts/zevm/WZETA.sol#L16-L18

Vulnerability details

Impact

The fallback function plays an important role in maintaining the logic flow of the contract. This function is executed on a call to the contract if none of the other functions match the given function signature, or if no data was supplied at all and there is no receive Ether function. The fallback function present in the contract WETH9 was found to be misconfigured.

Proof of Concept

Vulnerable fallback function

    function() public payable {
        deposit();
    }

Tools Used

VS Code.

Recommended Mitigation Steps

Make sure that the fallback function used is following the format specified by Solidity.

Assessed type

call/delegatecall
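Added example, not part of the submitted report or the ZetaChain code: a small Python check of whether a contract's fallback declaration matches the form its compiler version expects. Solidity 0.6.0 replaced the unnamed `function()` with `receive()` and `fallback()`. The sample contracts, their pragma values and all function names here are constructed assumptions.

```python
import re

# Solidity 0.6.0 split the unnamed fallback into receive() and fallback().
SPLIT = (0, 6, 0)
PRAGMA = re.compile(r"pragma\s+solidity\s*[\^~>=<]*\s*(\d+)\.(\d+)\.(\d+)")
LEGACY = re.compile(r"\bfunction\s*\(\s*\)")  # function() public payable
MODERN = re.compile(r"^\s*(fallback|receive)\s*\(\s*\)\s*external\b")


def strip_comments(src):
    """Blank out comments while preserving line numbers (heuristic, ignores strings)."""
    src = re.sub(r"/\*.*?\*/", lambda m: "\n" * m.group().count("\n"), src, flags=re.S)
    return re.sub(r"//[^\n]*", "", src)


def check_fallback_syntax(source):
    """Return (line, message) findings where the fallback form does not match the pragma."""
    code = strip_comments(source)
    pragma = PRAGMA.search(code)
    if pragma is None:
        return [(0, "no version pragma; cannot tell which fallback form applies")]
    # Heuristic: the first version in the pragma is treated as the target compiler.
    version = tuple(int(part) for part in pragma.groups())
    findings = []
    for lineno, line in enumerate(code.splitlines(), start=1):
        if LEGACY.search(line) and version >= SPLIT:
            findings.append((lineno, "unnamed function() needs receive()/fallback() from 0.6.0"))
        if MODERN.search(line) and version < SPLIT:
            findings.append((lineno, "receive()/fallback() keywords need 0.6.0 or later"))
    return findings


# Constructed samples; the pragma values are assumptions, not read from WZETA.sol.
BODY = """
contract Wrapped {
    function deposit() public payable {}
    %s
}
"""
LEGACY_FN = "function() public payable { deposit(); }"
MODERN_FN = "receive() external payable { deposit(); }"
OLD_STYLE = "pragma solidity ^0.4.18;" + BODY % LEGACY_FN
MISMATCH = "pragma solidity 0.8.7;" + BODY % LEGACY_FN
NEW_STYLE = "pragma solidity 0.8.7;" + BODY % MODERN_FN

if __name__ == "__main__":
    for name, src in [("old", OLD_STYLE), ("mismatch", MISMATCH), ("new", NEW_STYLE)]:
        print(name, check_fallback_syntax(src))
```

The check is line-based and will also flag function-type declarations written as `function()`, so treat its output as a prompt to compile with the pinned version rather than as a verdict.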

code423n4 commented 1 year ago

Withdrawn by debo