Closed sherlock-admin closed 1 year ago
ctf_sec
medium
PassThroughWalletImpl lack default payable keywords to handle the native ETH
In the current implementation, PassThroughWalletImpl lack default payable keywords to handle the native ETH
/// send tokens_ to $passThrough function passThroughTokens(address[] calldata tokens_) external pausable returns (uint256[] memory amounts) { address _passThrough = $passThrough; uint256 length = tokens_.length; amounts = new uint256[](length); for (uint256 i; i < length;) { address token = tokens_[i]; uint256 amount = token._balanceOf(address(this)); amounts[i] = amount; token._safeTransfer(_passThrough, amount); unchecked { ++i; } } emit PassThrough(tokens_, amounts); }
this basically mean that only ERC20 is compatible with PassThroughWalletImpl and the pass through receiver canno receive ETH properly.
the PassThroughWallet cannot receive ETH and pasThroughToken cannot send ETH out.
https://github.com/sherlock-audit/2023-04-splits/blob/main/splits-pass-through-wallet/src/PassThroughWalletImpl.sol#L128
Manual Review
We recommend the protocol uncomment the receive() external payable in PassThroughWalletImpl
ctf_sec
medium
PassThroughWalletImpl lack default payable keywords to handle the native ETH
Summary
PassThroughWalletImpl lack default payable keywords to handle the native ETH
Vulnerability Detail
In the current implementation, PassThroughWalletImpl lack default payable keywords to handle the native ETH
this basically mean that only ERC20 is compatible with PassThroughWalletImpl and the pass through receiver canno receive ETH properly.
Impact
the PassThroughWallet cannot receive ETH and pasThroughToken cannot send ETH out.
Code Snippet
https://github.com/sherlock-audit/2023-04-splits/blob/main/splits-pass-through-wallet/src/PassThroughWalletImpl.sol#L128
Tool used
Manual Review
Recommendation
We recommend the protocol uncomment the receive() external payable in PassThroughWalletImpl