Closed c4-bot-2 closed 5 months ago
Withdrawn by rvierdiiev
Lines of code
https://github.com/code-423n4/2024-05-bakerfi/blob/main/contracts/core/strategies/StrategyAAVEv3WSTETH.sol#L56

Vulnerability details

Proof of Concept
StrategyAAVEv3WSTETH._convertToWETH function is responsible for swapping wstEth to weth using uniswap. It does it with the _swap function.
But the problem is that uniRouterA() is granted approval by stETH() instead of wstEth. As a result, the swap will always revert.
This is a big problem, because _convertToWETH is called when users want to withdraw. Withdraw calls will always revert because of that.

Impact
No ability to withdraw.

Tools Used
VsCode

Recommended Mitigation Steps
You need to provide approval for wstEth tokens.

Assessed type
Error
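
The ERC-20 behaviour this report relies on, as an added example that is not part of the original submission and is not BakerFi code: allowances are stored per token contract, so an approval recorded on stETH gives a router no right to pull wstETH. MockERC20, MockRouter and ApprovalDemo are hypothetical mocks; stETH, wstETH and router only mirror the names used in the report.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;
// Added illustration with hypothetical mocks; none of this is BakerFi code.
contract MockERC20 {
    mapping(address => uint256) public balanceOf;
    mapping(address => mapping(address => uint256)) public allowance;

    function mint(address to, uint256 amount) external { balanceOf[to] += amount; }

    function approve(address spender, uint256 amount) external returns (bool) {
        allowance[msg.sender][spender] = amount;
        return true;
    }

    function transferFrom(address from, address to, uint256 amount) external returns (bool) {
        // Checked arithmetic: underflow reverts when allowance or balance is too low.
        allowance[from][msg.sender] -= amount;
        balanceOf[from] -= amount;
        balanceOf[to] += amount;
        return true;
    }
}

// Hypothetical router: pulls tokenIn from its caller, as a swap router does.
contract MockRouter {
    function pull(MockERC20 tokenIn, uint256 amount) external {
        require(tokenIn.transferFrom(msg.sender, address(this), amount), "pull failed");
    }
}

contract ApprovalDemo {
    MockERC20 public stETH = new MockERC20();
    MockERC20 public wstETH = new MockERC20();
    MockRouter public router = new MockRouter();

    constructor() { wstETH.mint(address(this), 1 ether); }

    // Allowance exists on stETH only, so the router's pull of wstETH reverts.
    function swapWithWrongApproval() external {
        stETH.approve(address(router), type(uint256).max);
        router.pull(wstETH, 1 ether);
    }

    // Allowance set on the token actually being sold: the pull succeeds.
    function swapWithCorrectApproval() external {
        wstETH.approve(address(router), type(uint256).max);
        router.pull(wstETH, 1 ether);
    }
}
```

When reviewing a strategy for this class of issue, check that every token passed to the router as the input side of a swap has an allowance set on that same token contract for that same router address.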