code-423n4 / 2024-06-badger-findings


Add Require Statement to Handle Potential Failures in _depositRawEthIntoLido Function #45

Closed howlbot-integration[bot] closed 4 months ago

howlbot-integration[bot] commented 4 months ago

Lines of code

https://github.com/code-423n4/2024-06-badger/blob/9173558ee1ac8a78a7ae0a39b97b50ff0dd9e0f8/ebtc-zap-router/src/ZapRouterBase.sol#L34-L41

Vulnerability details

Description

The _depositRawEthIntoLido function in the ZapRouterBase contract performs a low-level call to the Lido contract without handling potential failures. This could lead to silent failures and unexpected behavior.

Issue

The call to the Lido contract could fail without being detected, leading to incorrect balance calculations.

Tools Used

Manual review

Recommended Mitigation Steps

function _depositRawEthIntoLido(uint256 _initialETH) internal returns (uint256) {
    uint256 _balBefore = stEth.balanceOf(address(this));
    (bool success, ) = payable(address(stEth)).call{value: _initialETH}("");
    require(success, "EbtcZapRouter: depositRawEthIntoLido failed");

    uint256 _deposit = stEth.balanceOf(address(this)) - _balBefore;
    return _deposit;
}

Assessed type

Error
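The failure mode the report describes, as an added example that is not part of the original report and is not Badger's or Lido's code. `MockStakingToken`, `DepositHarness`, `Demo` and the function names are hypothetical, and the unchecked form is assumed from the report's description of the helper:

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.17;

// Constructed stand-in for a staking token: mints 1:1 on plain ETH transfers
// and reverts while paused. Not Lido's code.
contract MockStakingToken {
    mapping(address => uint256) public balanceOf;
    bool public paused;
    function setPaused(bool _paused) external { paused = _paused; }
    receive() external payable {
        require(!paused, "MockStakingToken: paused");
        balanceOf[msg.sender] += msg.value;
    }
}

// Hypothetical harness exposing both forms of the deposit helper.
contract DepositHarness {
    MockStakingToken public immutable stEth;
    constructor(MockStakingToken _stEth) { stEth = _stEth; }
    receive() external payable {}

    // Return value of call() is discarded: a revert in the token is swallowed,
    // the ETH stays in this contract and the reported deposit is 0.
    function depositUnchecked(uint256 _initialETH) external returns (uint256) {
        uint256 _balBefore = stEth.balanceOf(address(this));
        payable(address(stEth)).call{value: _initialETH}("");
        return stEth.balanceOf(address(this)) - _balBefore;
    }

    // Form recommended in the report: the failure propagates as a revert.
    function depositChecked(uint256 _initialETH) external returns (uint256) {
        uint256 _balBefore = stEth.balanceOf(address(this));
        (bool success, ) = payable(address(stEth)).call{value: _initialETH}("");
        require(success, "EbtcZapRouter: depositRawEthIntoLido failed");
        return stEth.balanceOf(address(this)) - _balBefore;
    }
}

// Runs both paths against a paused token; send some ETH with the call.
contract Demo {
    function run() external payable returns (uint256 reported, bool checkedReverted) {
        MockStakingToken token = new MockStakingToken();
        DepositHarness h = new DepositHarness(token);
        payable(address(h)).transfer(msg.value);   // fund the harness
        token.setPaused(true);                     // force the deposit to fail
        reported = h.depositUnchecked(msg.value);  // no revert, reports 0
        try h.depositChecked(msg.value) {} catch { checkedReverted = true; }
    }
}
```

Calling `Demo.run` with 1 ether returns `(0, true)`: the unchecked path completes with a zero deposit while the ETH remains in the harness, and the checked path reverts.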

c4-judge commented 3 months ago

alex-ppg changed the severity to 3 (High Risk)

c4-judge commented 3 months ago

alex-ppg marked the issue as unsatisfactory: Insufficient proof

c4-judge commented 3 months ago

alex-ppg changed the severity to 2 (Med Risk)