Lack of proper access control means anyone can withdraw funds sent to the NapierRouter
Summary
NapierRouter.sol inherits from the PeripheryPayments.sol, this contract have the following functions, unwrapWETH9, sweepToken, sweepTokens, and refundETH. These functions allow any user to transfer any tokens sent to the router. Which could lead to lost of funds.
Vulnerability Detail
Alice sends funds to the router before she could withdraw the token and attacker calls the
sweepToken function and claim her tokens
joshuajee
medium
Lack of proper access control means anyone can withdraw funds sent to the NapierRouter
Summary
NapierRouter.sol
inherits from thePeripheryPayments.sol
, this contract have the following functions,unwrapWETH9
,sweepToken
,sweepTokens
, andrefundETH
. These functions allow any user to transfer any tokens sent to the router. Which could lead to lost of funds.Vulnerability Detail
Alice sends funds to the router before she could withdraw the token and attacker calls the sweepToken function and claim her tokens
https://github.com/sherlock-audit/2024-01-napier/blob/main/v1-pool/src/base/PeripheryPayments.sol https://github.com/sherlock-audit/2024-01-napier/blob/main/v1-pool/src/NapierRouter.sol#L38
Impact
Loss of funds
Code Snippet
Tool used
Manual Review
Recommendation
Added access modifier to the following function so only authorized people can call them
unwrapWETH9
,sweepToken
,sweepTokens
, andrefundETH
.