Closed c4-bot-7 closed 5 months ago
GalloDaSballo marked the issue as insufficient quality report
trust1995 marked the issue as duplicate of #199
trust1995 marked the issue as partial-50
The Base has an escape hatch as explained here - https://github.com/code-423n4/2024-02-wise-lending-findings/issues/246
trust1995 marked the issue as satisfactory
trust1995 marked the issue as unsatisfactory: Invalid
Lines of code
https://github.com/code-423n4/2024-02-wise-lending/blob/79186b243d8553e66358c05497e5ccfd9488b5e2/contracts/PowerFarms/PendlePowerFarm/PendlePowerManager.sol#L21
[PendlePowerFarmControllerBase](https://github.com/code-423n4/2024-02-wise-lending/blob/79186b243d8553e66358c05497e5ccfd9488b5e2/contracts/PowerFarms/PendlePowerFarmController/PendlePowerFarmControllerBase.sol#L125)
Vulnerability details
Impact
Loss of funds
Proof of Concept
The WiseLending and AaveHub contracts' `receive` functions forward the sent ETH to the master address. This action is also documented in the referred contracts' NatSpec. However, while intending the same, the implementation was missed out in the PendlePowerManager and PendlePowerFarmControllerBase contracts.
Tools Used
Manual Review
Recommended Mitigation Steps
Recommend implementing the same.
Assessed type
ETH-Transfer