sherlock-audit / 2024-02-rubicon-finance-judging


itsabinashb - GladiusReactor::`eth` locked permanently in contract #63

Closed sherlock-admin2 closed 7 months ago

sherlock-admin2 commented 7 months ago

itsabinashb

high

GladiusReactor::eth locked permanently in contract

Summary

There is no function/mechanism to withdraw ether from the GladiusReactor.sol contract; as a result, ether will be locked in this contract permanently.

Vulnerability Detail

The BaseGladiusReactor.sol contract was designed to receive ether directly:

    receive() external payable {}    

Additionally, it has multiple payable functions. For partial/full execution of an order:

  1. execute(SignedOrder calldata order,uint256 quantity )
  2. executeWithCallback(SignedOrder calldata order,uint256 quantity,bytes calldata callbackData)
  3. executeBatch(SignedOrder[] calldata orders, uint256[] calldata quantities)
  4. executeBatchWithCallback(SignedOrder[] calldata orders, uint256[] calldata quantities, bytes calldata callbackData)

For full execution of an order:

  1. execute(SignedOrder calldata order)
  2. executeWithCallback(SignedOrder calldata order, bytes calldata callbackData)
  3. executeBatch(SignedOrder[] calldata orders)
  4. executeBatchWithCallback(SignedOrder[] calldata orders, bytes calldata callbackData)

This abstract contract is inherited by the GladiusReactor.sol contract. However, there is no function to withdraw the ether that will be sent to this contract directly or by calling the mentioned functions.

Impact

As there is no mechanism/function to withdraw ether from this contract, all ether sent to GladiusReactor.sol will be locked permanently.

Code Snippet

  1. https://github.com/sherlock-audit/2024-02-rubicon-finance/blob/main/gladius-contracts-internal/src/reactors/BaseGladiusReactor.sol
  2. https://github.com/sherlock-audit/2024-02-rubicon-finance/blob/main/gladius-contracts-internal/src/reactors/BaseGladiusReactor.sol#L48
  3. https://github.com/sherlock-audit/2024-02-rubicon-finance/blob/main/gladius-contracts-internal/src/reactors/GladiusReactor.sol

Tool used

Manual Review

Recommendation

Add a withdraw function in GladiusReactor.sol to withdraw ether from this contract.
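As an added illustration (not code from the Gladius repository or from this report), a minimal reactor that strands ETH beside one that refunds the unspent remainder of msg.value to the filler in the same transaction and rejects bare transfers. All contract and function names are hypothetical.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Illustrative only: hypothetical names, not the Gladius code base.

/// Accepts ETH but never returns it: anything sent via receive(), or any
/// msg.value the fill does not consume, stays in the contract forever.
contract LockedEthReactor {
    receive() external payable {}

    function execute(uint256 quantity) external payable {
        // ... fill logic that may spend part (or none) of msg.value ...
        // No refund of the remainder and no withdraw path.
    }
}

/// Hardened sketch: revert plain transfers, refund whatever the fill did not
/// consume, and keep an owner-only sweep for ETH arriving by other paths.
contract RefundingReactor {
    address public immutable owner;

    error NoDirectEth();
    error RefundFailed();

    constructor() { owner = msg.sender; }

    // Plain ETH transfers are not part of the protocol flow, so reject them.
    receive() external payable { revert NoDirectEth(); }

    function execute(uint256 quantity) external payable {
        uint256 spent = _fill(quantity);
        _refund(msg.value - spent);
    }

    // Placeholder for the order-fill logic; returns how much ETH it consumed.
    function _fill(uint256 quantity) internal view returns (uint256 spent) {
        spent = quantity < msg.value ? quantity : msg.value;
    }

    // Returns the unspent remainder to the caller before the call ends.
    function _refund(uint256 amount) internal {
        if (amount == 0) return;
        (bool ok, ) = msg.sender.call{value: amount}("");
        if (!ok) revert RefundFailed();
    }

    // Owner-only sweep for ETH that reaches the contract without receive().
    function sweep(address payable to) external {
        require(msg.sender == owner, "not owner");
        to.transfer(address(this).balance);
    }
}
```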

sherlock-admin commented 7 months ago

2 comment(s) were left on this issue during the judging contest.

tsvetanovv commented:

Low

0xAadi commented:

Invalid: there is a mechanism to refund any remaining ETH to the filler in the _fill() function