search

sherlock-audit / 2024-02-optimism-2024-judging

6 stars 4 forks source link

`resolveClaim` accepts ether without any purpose #226

Closed sherlock-admin4 closed 7 months ago

sherlock-admin4 commented 7 months ago

resolveClaim accepts ether without any purpose

Low/Info issue submitted by eeshenggoh

Summary

In FactoryDisputeGame.sol, resolveClaim allows user to redeem bonds.

Vulnerability Detail

It's redundant to have the function that unlocks WETH for the user to redeem after the airgap to have a payable function. Since the function only allows users to redeem and any ether sent is not utilized, the user will lose ether too.

 function resolveClaim(uint256 _claimIndex) external payable { // remove payable

Impact

Ether isn't used and if resolveClaim called with ETH sent will be lost.

Code Snippet

https://github.com/sherlock-audit/2024-02-optimism-2024/blob/main/optimism/packages/contracts-bedrock/src/dispute/FaultDisputeGame.sol#L405

Tool used

Manual Review

Recommendation

Convert function to non-payable.

sherlock-admin4 commented 7 months ago

The protocol team fixed this issue in the following PRs/commits: https://github.com/ethereum-optimism/optimism/pull/10151