the unlock method in delayedWETH is callable by anyone
Low/Info issue submitted by Shield
Summary
the unlock method in delayedWETH is callable by anyone
Vulnerability Detail
In the unlock method in delayedWETH even though they mention this in comments but there is a minor possibility that someone calls it directly and the off chain authotity misses it and if 1DELAY_SECONDS` pass then they can drain the contract
Impact
possibility of funds being drained by a unauthorized user
the
unlockmethod indelayedWETHis callable by anyoneLow/Info issue submitted by Shield
Summary
the
unlockmethod indelayedWETHis callable by anyoneVulnerability Detail
In the
unlockmethod indelayedWETHeven though they mention this in comments but there is a minor possibility that someone calls it directly and the off chain authotity misses it and if 1DELAY_SECONDS` pass then they can drain the contractImpact
possibility of funds being drained by a unauthorized user
Code Snippet
https://github.com/ethereum-optimism/optimism/blob/develop/packages/contracts-bedrock/src/dispute/weth/DelayedWETH.sol#L57
Tool used
Manual Review
Recommendation
there should be a check that the
msg.senderis a contract and implements the fault dispute game interface