Closed howlbot-integration[bot] closed 3 months ago
koolexcrypto marked the issue as primary issue
koolexcrypto marked the issue as satisfactory
koolexcrypto marked the issue as duplicate of #18
koolexcrypto changed the severity to 3 (High Risk)
koolexcrypto changed the severity to 2 (Med Risk)
koolexcrypto marked the issue as partial-75
koolexcrypto changed the severity to 3 (High Risk)
koolexcrypto marked the issue as duplicate of #33
koolexcrypto marked the issue as partial-25
Lines of code
https://github.com/code-423n4/2024-05-loop/blob/main/src/PrelaunchPoints.sol#L389-L392
https://github.com/code-423n4/2024-05-loop/blob/main/src/PrelaunchPoints.sol#L252-L265
Vulnerability details
Impact
PrelaunchPoints.sol line 256 states:
ETH sent to this contract directly will be locked forever.
But that is not true: after the convertAllETH phase, a user who calls claim will get unexpected earnings at the expense of another user who sent ETH to the contract by mistake. This problem also creates front-running competition to monitor the mempool and claim right after the transaction that sends ETH to the contract.
Proof of Concept
PoC showing the unexpected gain if a user sends 30 ETH (a deliberately large amount to make the example clear).
Add NotExpectedGains.test.ts to $project/test/ and run npx hardhat test
Tools Used
Manual review and hardhat tests.
Recommended Mitigation Steps
There are many possibilities:
1) Add validations to receive()
2) Don't rely on address(this).balance directly but instead use a diff before and after the swap.
Assessed type
ETH-Transfer
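
The two options under Recommended Mitigation Steps, shown next to the whole-balance pattern they replace. This is an added example, not code from the report or from PrelaunchPoints.sol: the contract, the IVaultLike and ISwapperLike interfaces and every function name are hypothetical, and it assumes the swapper already holds a token allowance from the contract.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Hypothetical stand-ins, not the project's interfaces.
interface IVaultLike {
    function deposit(address receiver) external payable; // mints 1:1 for ETH
}

interface ISwapperLike {
    // Takes `amount` of `token` from the caller and sends ETH back to it.
    function swapToETH(address token, uint256 amount) external;
}

contract ClaimAccountingExample {
    IVaultLike public immutable vault;
    ISwapperLike public immutable swapper;

    error UnexpectedETHSender(address sender);

    constructor(IVaultLike _vault, ISwapperLike _swapper) {
        vault = _vault;
        swapper = _swapper;
    }

    // Mitigation 1: only accept ETH from the address expected to pay out swaps.
    receive() external payable {
        if (msg.sender != address(swapper)) revert UnexpectedETHSender(msg.sender);
    }

    // Weak pattern: the whole balance is credited, so ETH that reached the
    // contract earlier by any route goes to whoever claims next.
    function claimWholeBalance(address token, uint256 amount) external returns (uint256 claimed) {
        swapper.swapToETH(token, amount);
        claimed = address(this).balance;
        vault.deposit{value: claimed}(msg.sender);
    }

    // Mitigation 2: credit only the ETH that this swap delivered.
    function claimSwapDelta(address token, uint256 amount) external returns (uint256 claimed) {
        uint256 balanceBefore = address(this).balance;
        swapper.swapToETH(token, amount);
        claimed = address(this).balance - balanceBefore;
        vault.deposit{value: claimed}(msg.sender);
    }
}
```

A receive() check does not cover ETH that arrives without invoking receive() (for example through selfdestruct), so the balance delta is the more robust of the two and the checks can be combined.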