search

sherlock-audit / 2024-01-napier-judging

8 stars 5 forks source link

joshuajee - Lack of proper access control means anyone can withdraw funds sent to the NapierRouter #116

Closed sherlock-admin2 closed 5 months ago

sherlock-admin2 commented 5 months ago

joshuajee

medium

Lack of proper access control means anyone can withdraw funds sent to the NapierRouter

Summary

NapierRouter.sol inherits from the PeripheryPayments.sol, this contract have the following functions, unwrapWETH9, sweepToken, sweepTokens, and refundETH. These functions allow any user to transfer any tokens sent to the router. Which could lead to lost of funds.

Vulnerability Detail

Alice sends funds to the router before she could withdraw the token and attacker calls the sweepToken function and claim her tokens

https://github.com/sherlock-audit/2024-01-napier/blob/main/v1-pool/src/base/PeripheryPayments.sol https://github.com/sherlock-audit/2024-01-napier/blob/main/v1-pool/src/NapierRouter.sol#L38

Impact

Loss of funds

Code Snippet

    function sweepToken(address token, uint256 amountMinimum, address recipient) public payable {
        uint256 balanceToken = IERC20(token).balanceOf(address(this));
        if (balanceToken < amountMinimum) revert Errors.RouterInsufficientTokenBalance();

        if (balanceToken > 0) {
            IERC20(token).safeTransfer(recipient, balanceToken);
        }
    }

Tool used

Manual Review

Recommendation

Added access modifier to the following function so only authorized people can call them unwrapWETH9, sweepToken, sweepTokens, and refundETH.