code-423n4 / 2024-02-wise-lending-findings


PendlePowerManager and AaveHub don't forward the received ETH to the master address as intended #166

Closed c4-bot-7 closed 5 months ago

c4-bot-7 commented 6 months ago

Lines of code

https://github.com/code-423n4/2024-02-wise-lending/blob/79186b243d8553e66358c05497e5ccfd9488b5e2/contracts/PowerFarms/PendlePowerFarm/PendlePowerManager.sol#L21
https://github.com/code-423n4/2024-02-wise-lending/blob/79186b243d8553e66358c05497e5ccfd9488b5e2/contracts/PowerFarms/PendlePowerFarmController/PendlePowerFarmControllerBase.sol#L125

Vulnerability details

Impact

Loss of funds

Proof of Concept

The WiseLending and AaveHub contracts' receive functions forward the sent ETH to the master address. This behaviour is also documented in the referenced contracts' NatSpec:

Contract: AaveHub.sol

79:     /**
80:      * @dev Receive functions forwarding
81:      * sent ETH to the master address
82:      */
83:     receive()
84:         external
85:         payable
86:     {
87:         if (msg.sender == WETH_ADDRESS) {
88:             return;
89:         }
90: 
91:         _sendValue(
92:             master,
93:             msg.value
94:         );
95:     }

Contract: WiseLending.sol

45:     /**
46:      * @dev Standard receive functions forwarding
47:      * directly send ETH to the master address.
48:      */
49:     receive()
50:         external
51:         payable
52:     {
53:         if (msg.sender == WETH_ADDRESS) {
54:             return;
55:         }
56: 
57:         _sendValue(
58:             master,
59:             msg.value
60:         );
61:     }

However, although the same behaviour is intended, the implementation was omitted in the PendlePowerManager and PendlePowerFarmControllerBase contracts:

Contract: PendlePowerManager.sol

17:     /**
18:      * @dev Standard receive functions forwarding
19:      * directly send ETH to the master address.
20:      */
21:     receive()
22:         external
23:         payable
24:     {
25:         emit ETHReceived(
26:             msg.value,
27:             msg.sender
28:         );
29:     }

Contract: PendlePowerFarmControllerBase.sol

125:     receive()
126:         external
127:         payable
128:     {
129:         emit ETHReceived(
130:             msg.value,
131:             msg.sender
132:         );
133:     }

Tools Used

Manual Review

Recommended Mitigation Steps

Recommend implementing the same.

Assessed type

ETH-Transfer

c4-pre-sort commented 5 months ago

GalloDaSballo marked the issue as insufficient quality report

c4-judge commented 5 months ago

trust1995 marked the issue as duplicate of #199

c4-judge commented 5 months ago

trust1995 marked the issue as partial-50

trust1995 commented 5 months ago

The Base has an escape hatch as explained here - https://github.com/code-423n4/2024-02-wise-lending-findings/issues/246

c4-judge commented 5 months ago

trust1995 marked the issue as satisfactory

c4-judge commented 5 months ago

trust1995 marked the issue as unsatisfactory: Invalid