Loss of funds via payback() external function found in swapperImpl.sol
Summary
Possible Loss of funds via payback() external function found in swapperImpl.sol
Vulnerability Detail
payback() function has its visibility set to external and it also has the payable keyword which means it can receive Ether.
The payback() function isn't supposed to be used outside swapperFlashCallback because it can lead to loss of funds for users as its only used to track ETH payback in flash.
Impact
An unsuspecting user can send ETH to payback(), its an external function and has the payable keyword and he will end up losing all his funds.
HexHackers
high
Loss of funds via payback() external function found in swapperImpl.sol
Summary
Possible Loss of funds via
payback()
external function found in swapperImpl.solVulnerability Detail
payback()
function has its visibility set to external and it also has thepayable
keyword which means it can receive Ether.The
payback()
function isn't supposed to be used outsideswapperFlashCallback
because it can lead to loss of funds for users as its only used to track ETH payback in flash.Impact
An unsuspecting user can send ETH to
payback()
, its an external function and has thepayable
keyword and he will end up losing all his funds.Code Snippet
https://github.com/sherlock-audit/2023-04-splits/blob/main/splits-swapper/src/SwapperImpl.sol#L194-L200
Tool used
Manual Review
Recommendation
Please change the visibility of the
payback()
function to internal.