Likelihood:
Low, because it require user to forcefully send funds to the contract
Impact:
High, because nobody will be able to withdraw them
Vulnerability Detail
If a user who is directly interacting with the protocol sends ethers to the contract forcefully, nobody wouldn't be able to withdraw them. Due to the fact that all checks in the transferFrom and withdraw functions would fail since the balanceOf[msg.sender] won't be modified when funds are sent.
Impact
Funds would be stuck without a way to withdraw them.
martin
medium
Funds can be stuck in the contract forever
Summary
Funds can be stuck in the contract forever
Likelihood: Low, because it require user to forcefully send funds to the contract
Impact: High, because nobody will be able to withdraw them
Vulnerability Detail
If a user who is directly interacting with the protocol sends ethers to the contract forcefully, nobody wouldn't be able to withdraw them. Due to the fact that all checks in the
transferFromandwithdrawfunctions would fail since thebalanceOf[msg.sender]won't be modified when funds are sent.Impact
Funds would be stuck without a way to withdraw them.
Code Snippet
https://github.com/sherlock-audit/2023-04-blueberry/blob/main/blueberry-core/contracts/mock/MockWETH.sol#L18
Tool used
Manual Review
Recommendation
Add a function that allows stuck funds to be withdrawn with the appropriate access modifiers.