Description:Description
In the eth::most::receiveRequest function, there's a check if (_destTokenAddress == wethAddress). However, this approach assumes that users can't send WETH because the wethAddress is used to differentiate between tokens and ETH.
Impact
Users might expect to receive WETH but will actually receive ETH instead. This could lead to unexpected behavior, especially for contracts that only accept tokens and not ETH.
Revised Code File (Optional)
Consider using a custom address to differentiate between ETH and other tokens, ensuring consistency in handling WETH transactions.
Github username: @0xmahdirostami Twitter username: 0xmahdirostami Submission hash (on-chain): 0xdc5e623268598a3fb522fb35cea865c7d6a02b6a5e290ba94e9816ddec551676 Severity: high
Description: Description
In the
eth::most::receiveRequest
function, there's a checkif (_destTokenAddress == wethAddress)
. However, this approach assumes that users can't send WETH because thewethAddress
is used to differentiate between tokens and ETH.Impact
Users might expect to receive WETH but will actually receive ETH instead. This could lead to unexpected behavior, especially for contracts that only accept tokens and not ETH.
Revised Code File (Optional)
Consider using a custom address to differentiate between ETH and other tokens, ensuring consistency in handling WETH transactions.