DittoETH

Ditto

DeFiFoundryOracle

55,000 USDC

View results

Previous Next

Submission Details

Severity: medium

Invalid

The surplus ether is not returned

hunter_w3b

Summary

The depositEth function is marked as payable but does not properly handle surplus ether above a certain threshold. This could result in the loss of ether for users sending more ether than intended.

Vulnerability Details

In the depositEth function, there is a vulnerability related to handling surplus ether sent by users. The function is marked as payable, which allows users to send ether to it. However, it checks whether the msg.value is less than Constants.MIN_DEPOSIT, and if this condition is not met, it reverts with an "UnderMinimumDeposit" error.

The issue is that if a user sends more ether than Constants.MIN_DEPOSIT, the surplus ether is not returned or refunded to the sender. This can lead to the unintended loss of ether, as there is no mechanism in place to handle the excess funds.

function depositEth(address bridge)

external

payable

nonReentrant

onlyValidBridge(bridge)

{

if (msg.value < Constants.MIN_DEPOSIT) revert Errors.UnderMinimumDeposit();

uint256 vault;

if (bridge == rethBridge || bridge == stethBridge) {

vault = Vault.CARBON;

} else {

vault = s.bridge[bridge].vault;

}

uint88 zethAmount = uint88(IBridge(bridge).depositEth{value: msg.value}()); // Assumes 1 ETH = 1 ZETH

vault.addZeth(zethAmount);

maybeUpdateYield(vault, zethAmount);

emit Events.DepositEth(bridge, msg.sender, zethAmount);

}

Impact

The impact of this issue is financial in nature. Users who accidentally or intentionally send more ether than the specified minimum deposit may lose the surplus ether, as it is not properly handled or refunded by the contract. This can result in a loss of funds and an unsatisfactory user experience.

Tools Used

Manual Review

Recommendations

Refund Excess Ether: Modify the depositEth function to refund any excess ether sent by the user above the Constants.MIN_DEPOSIT. You can use the payable function's msg.sender.transfer() method to refund the surplus ether.

Updates

Lead Judging Commences

0xnevi Lead Judge

about 2 years ago

0xnevi Lead Judge about 2 years ago

Submission Judgement Published

Invalidated

Reason: Other

Prize pool breakdown

Total prize

55,000 USDC

nSLOC

3,365

16 USDC / LOC

High Medium

50,000 USDC

Low

5,000 USDC

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.