When _isCreation is false, _to mistakenly can be address(0), and when calling the depositTransaction
function. the deposited funds would be lost, to avoid this, consider updating the depositTransaction
to check if address(0) and revert when _isCreation is false and when _to == address(0) is true.
becuase a user can transfer huge amount of ETH and losing that amount of ETH is very bad for user and for protocol.
Impact
Users can lose their funds for ever by sending ether to 0 address by mistake.
Code Snippet
Tool used
Manual Review
Recommendation
one line of code can save huge amount of ETH.
if (_isCreation) {
require(_to == address(0), "OptimismPortal: must send to address(0) when creating a contract");
} else {
require(_to != address(0), "OptimismPortal: _to cannot be address(0)");
}
depositTransaction function must revert in other cases.
Low/Info issue submitted by 0xHunterBug
Summary
calling OptimismPortal2::depositTransaction function does not revert when
_isCreationis false and_to == address(0)is true. https://github.com/sherlock-audit/2024-02-optimism-2024/blob/main/optimism/packages/contracts-bedrock/src/L1/OptimismPortal2.sol#L408-L410Vulnerability Detail
When
_isCreationis false,_tomistakenly can be address(0), and when calling the depositTransaction function. the deposited funds would be lost, to avoid this, consider updating the depositTransaction to check if address(0) and revert when_isCreationis false and when_to == address(0)is true. becuase a user can transfer huge amount of ETH and losing that amount of ETH is very bad for user and for protocol.Impact
Users can lose their funds for ever by sending ether to 0 address by mistake.
Code Snippet
Tool used
Manual Review
Recommendation
one line of code can save huge amount of ETH.