Closed sherlock-admin3 closed 3 months ago
w42d3n
high
The contract BaseLSTVaultUpgradeable.sol works with native Ether, but it has no methods to handle Ether.
In case, the contract invoked by another contract along with the Ether transfer, any Ethers transferred would be stuck in this contract permanently.
Lost of funds for users
https://github.com/sherlock-audit/2024-05-napier-update/blob/main/napier-uups-adapters/src/adapters/BaseLSTVaultUpgradeable.sol#L1-L150
Manual Review
Include a fallback function to handle unexpected incoming Ethers.
for example:
receive() external payable { //fallback function to receive Ethers }
1 comment(s) were left on this issue during the judging contest.
z3s commented:
Invalid; Users sending ETH/native tokens accidentally, is not a valid medium/high.
w42d3n
high
Lack of ETH Handling
Summary
The contract BaseLSTVaultUpgradeable.sol works with native Ether, but it has no methods to handle Ether.
Vulnerability Detail
In case, the contract invoked by another contract along with the Ether transfer, any Ethers transferred would be stuck in this contract permanently.
Impact
Lost of funds for users
Code Snippet
https://github.com/sherlock-audit/2024-05-napier-update/blob/main/napier-uups-adapters/src/adapters/BaseLSTVaultUpgradeable.sol#L1-L150
Tool used
Manual Review
Recommendation
Include a fallback function to handle unexpected incoming Ethers.
for example: