DittoETH

Ditto
DeFi, Foundry, Oracle
55,000 USDC
Submission Details
Severity: medium
Invalid

Unchecked Return Values from External Calls in BridgeSteth Contract

Summary

Unchecked Return Values from External Calls in BridgeSteth Contract

Vulnerability Details

The contract does not check the return values of the transferFrom and transfer functions of the stETH contract. This could potentially lead to unexpected behavior if these functions fail for any reason.

Impact

Tools Used

Manual Review

Recommendations

To resolve this issue, you should explicitly check the return values of the 'transferFrom' and 'transfer' functions. If these functions do not return 'true', the contract should revert with an appropriate error message. Here is an example of how you can modify the 'deposit' and 'withdraw' functions:

    function deposit(address from, uint256 amount) external onlyDiamond returns (uint256) {
        // Transfer stETH to this bridge contract
        bool success = steth.transferFrom(from, address(this), amount);
        require(success, "Transfer failed");
        return amount;
    }

    function withdraw(address to, uint256 amount) external onlyDiamond returns (uint256) {
        // Transfer stETH from this bridge contract to the recipient
        bool success = steth.transfer(to, amount);
        require(success, "Transfer failed");
        return amount;
    }

This way, if the 'transferFrom' or 'transfer' function fails for any reason, the entire transaction will be reverted, preventing any inconsistencies in the contract's state.
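The following is an added example, not part of the submission or the project's code. It generalizes the check above to tokens whose transfer functions return no data at all, where a plain bool check cannot be used. CheckedTransfer, IERC20Minimal, ExampleBridge and the diamond address are hypothetical names, and the onlyDiamond modifier here is a simplified stand-in.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Assumed minimal ERC-20 surface; not the project's own interface.
interface IERC20Minimal {
    function transfer(address to, uint256 amount) external returns (bool);
    function transferFrom(address from, address to, uint256 amount) external returns (bool);
}

// Hypothetical helper: a token call is accepted only if it did not revert
// and returned either no data or an ABI-encoded `true`.
library CheckedTransfer {
    error TokenCallFailed(address token);

    function _call(address token, bytes memory data) private {
        (bool ok, bytes memory ret) = token.call(data);
        // ok == false      -> the token reverted.
        // ret.length == 0  -> no return value; require code at the address,
        //                     since a call to a code-less address also "succeeds".
        // otherwise        -> must decode to true (malformed data makes abi.decode revert).
        bool accepted = ok &&
            (ret.length == 0 ? token.code.length > 0 : abi.decode(ret, (bool)));
        if (!accepted) revert TokenCallFailed(token);
    }
    function safeTransfer(IERC20Minimal token, address to, uint256 amount) internal {
        _call(address(token), abi.encodeCall(token.transfer, (to, amount)));
    }
    function safeTransferFrom(IERC20Minimal token, address from, address to, uint256 amount) internal {
        _call(address(token), abi.encodeCall(token.transferFrom, (from, to, amount)));
    }
}

// Hypothetical bridge mirroring the deposit/withdraw shape shown above.
contract ExampleBridge {
    using CheckedTransfer for IERC20Minimal;
    IERC20Minimal public immutable token;
    address public immutable diamond; // assumed caller allowed by onlyDiamond

    constructor(IERC20Minimal token_, address diamond_) { token = token_; diamond = diamond_; }
    modifier onlyDiamond() { require(msg.sender == diamond, "not diamond"); _; }

    function deposit(address from, uint256 amount) external onlyDiamond returns (uint256) {
        token.safeTransferFrom(from, address(this), amount); // reverts on any failure mode
        return amount;
    }
    function withdraw(address to, uint256 amount) external onlyDiamond returns (uint256) {
        token.safeTransfer(to, amount);
        return amount;
    }
}
```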

Updates

Lead Judging Commences

0xnevi Lead Judge
over 1 year ago
0xnevi Lead Judge over 1 year ago
Submission Judgement Published
Invalidated
Reason: Other
