Closed sherlock-admin2 closed 2 months ago
Hearmen
High
Summary
Issue High: EtherFiLib_initiateWithdrawImpl approves the wrong address, leading to withdraw failure

Vulnerability Detail
In the contract EtherFiLib.sol, the function _initiateWithdrawImpl approves the wrong address, which will lead to withdraw failure.
_initiateWithdrawImpl approves eETHReceived eETH to the address LiquidityPool (EtherFiLib):

    function _initiateWithdrawImpl(uint256 weETHToUnwrap) internal returns (uint256 requestId) {
        // unwrap weETH into eETH
        uint256 eETHReceived = weETH.unwrap(weETHToUnwrap);
        // the allowance for eETHReceived is granted to LiquidityPool
        eETH.approve(address(LiquidityPool), eETHReceived);
        return LiquidityPool.requestWithdraw(address(this), eETHReceived);
    }

And in LiquidityPool.requestWithdraw, eETH will transferFrom the sender to withdrawRequestNFT, which will fail due to not being approved:

    function requestWithdraw(address recipient, uint256 amount) public whenNotPaused returns (uint256) {
        uint256 share = sharesForAmount(amount);
        if (amount > type(uint96).max || amount == 0 || share == 0) revert InvalidAmount();

        // transfer shares to WithdrawRequestNFT contract from this contract
        eETH.transferFrom(msg.sender, address(withdrawRequestNFT), amount);

        uint256 requestId = withdrawRequestNFT.requestWithdraw(uint96(amount), uint96(share), recipient, 0);

        emit Withdraw(msg.sender, recipient, amount, SourceOfFunds.EETH);

        return requestId;
    }

Impact
DOS

Code Snippet
https://github.com/sherlock-audit/2024-06-mellow/blob/main/mellow-lrt/src/strategies/SimpleDVTStakingStrategy.sol#L36
https://github.com/sherlock-audit/2024-06-leveraged-vaults/blob/main/leveraged-vaults-private/contracts/vaults/staking/protocols/EtherFi.sol#L24-L27
https://github.com/etherfi-protocol/smart-contracts/blob/master/src/LiquidityPool.sol#L202-L214

Tool used
Manual Review

Recommendation
Change the function to:

    function _initiateWithdrawImpl(uint256 weETHToUnwrap) internal returns (uint256 requestId) {
        uint256 eETHReceived = weETH.unwrap(weETHToUnwrap);
        eETH.approve(address(WithdrawRequestNFT), eETHReceived);
        return LiquidityPool.requestWithdraw(address(this), eETHReceived);
    }

1 comment(s) were left on this issue during the judging contest.
0xmystery commented:
EtherFiLib_initiateWithdrawImpl did not approve to wrong address
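
As an added example (not part of the submission, the judging comment, or the EtherFi contracts), this minimal model shows which address must hold the allowance when a pool calls transferFrom(msg.sender, nft, amount), the call shape in the requestWithdraw snippet quoted above. MiniToken, MiniPool, Holder and the 0xBEEF address are constructed names, and standard ERC-20 allowance semantics are assumed for the token.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Constructed minimal token; assumes standard ERC-20 allowance semantics.
contract MiniToken {
    mapping(address => uint256) public balanceOf;
    mapping(address => mapping(address => uint256)) public allowance;

    function mint(address to, uint256 amount) external { balanceOf[to] += amount; }

    function approve(address spender, uint256 amount) external returns (bool) {
        allowance[msg.sender][spender] = amount;
        return true;
    }

    function transferFrom(address from, address to, uint256 amount) external returns (bool) {
        // Spends the allowance granted to the caller (msg.sender), not to `to`.
        allowance[from][msg.sender] -= amount; // underflow reverts if unapproved
        balanceOf[from] -= amount;
        balanceOf[to] += amount;
        return true;
    }
}

// Constructed stand-in for the pool: pulls tokens from its caller to `nft`.
contract MiniPool {
    MiniToken public immutable token;
    address public immutable nft;
    constructor(MiniToken t, address n) { token = t; nft = n; }

    function requestWithdraw(uint256 amount) external {
        token.transferFrom(msg.sender, nft, amount);
    }
}

// Hypothetical holder that tries each approval target in turn.
contract Holder {
    MiniToken public token = new MiniToken();
    address public nft = address(0xBEEF); // placeholder recipient address
    MiniPool public pool = new MiniPool(token, nft);

    function tryWithdraw(address approved, uint256 amount) public returns (bool ok) {
        token.mint(address(this), amount);
        token.approve(address(pool), 0); // clear allowances left by earlier calls
        token.approve(nft, 0);
        token.approve(approved, amount);
        try pool.requestWithdraw(amount) { ok = true; } catch { ok = false; }
    }
}
```

With the pool as the approved address the withdraw request goes through; with the recipient address approved instead, transferFrom reverts inside the pool call and tryWithdraw returns false.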