Open sherlock-admin2 opened 1 year ago
1 comment(s) were left on this issue during the judging contest.
0xyPhilic commented:
invalid because the design of the protocol does not show desire for ETH compatibility so the issue can be classified as informational
0x52
medium
ConvexSpell is completely broken for any curve LP that utilizes native ETH
Summary
When a Curve pool utilizes native ETH it uses the address 0xeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee. This is problematic because it will try to call balanceOf on this address which will always revert.
Vulnerability Detail
ConvexSpell.sol#L120-L127
ConvexSpell#openPositionFarm attempts to call balanceOf on each component of the LP. Since native ETH uses the 0xeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee this call will always revert. This breaks compatibility with EVERY curve pool that uses native ETH which make up most of the highest volume pools on the platform.
Impact
ConvexSpell is completely incompatible with a majority of Curve pools
Code Snippet
ConvexSpell.sol#L92-L173
Tool used
Manual Review
Recommendation
I would recommend conversion between native ETH and wETH to prevent this issue.
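One way the recommended ETH/wETH handling could look, as an added example that is not part of the original report and is not code from ConvexSpell. The library name, function names and the `IWETH` interface are hypothetical. The sketch assumes the calling contract is allowed to hold native ETH and that the pool reports the placeholder address quoted in the report.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.16;

// Added illustration; every name below is hypothetical, not from the audited code.
interface IERC20 {
    function balanceOf(address account) external view returns (uint256);
}

interface IWETH is IERC20 {
    function deposit() external payable;
}

library NativeEthAware {
    // Placeholder address the report says Curve pools use for native ETH.
    // No contract is deployed there, so a high-level balanceOf call reverts
    // on Solidity's code-existence check before any call data is sent.
    address internal constant ETH_PLACEHOLDER =
        0xEeeeeEeeeEeEeeEeEeEeeEEEeeeeEeeeeeeeEEeE;

    /// Balance of one LP component held by `holder`.
    /// The placeholder is answered from the native balance instead of an
    /// external call; every other component goes through ERC20 balanceOf.
    function balanceOfCoin(address token, address holder)
        internal
        view
        returns (uint256)
    {
        if (token == ETH_PLACEHOLDER) {
            return holder.balance;
        }
        return IERC20(token).balanceOf(holder);
    }

    /// Wraps all native ETH held by the calling contract into WETH so the
    /// rest of the accounting can treat it as an ordinary ERC20 balance.
    function wrapAll(IWETH weth) internal returns (uint256 wrapped) {
        wrapped = address(this).balance;
        if (wrapped > 0) {
            weth.deposit{value: wrapped}();
        }
    }
}
```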