Although payable, the flash() function does not account for received ETH in the calculations of the flash trade.
All ETH payment for flash() transaction must go through payback() to be credited.
Impact
Results in loss of trader ETH.
If tokenToBeneficiary is ETH, it gets swept as excess to the beneficiary. Otherwise, it stays in the Swapper.
0x00ffDa
medium
RETRACTED - flash() should not be payable
Summary
SwapperImpl.flash()is payable but any ETH sent in is not accounted for in the function logic.Vulnerability Detail
Although payable, the
flash()function does not account for received ETH in the calculations of the flash trade. All ETH payment forflash()transaction must go through payback() to be credited.Impact
Results in loss of trader ETH. If
tokenToBeneficiaryis ETH, it gets swept as excess to the beneficiary. Otherwise, it stays in the Swapper.Code Snippet
Tool used
Manual Review
Recommendation
flash()should not be payable.