Summary

Ignoring Return Value of External Contract Call in BridgeRouterFacet.withdraw Function

Vulnerability Details

The contract does not handle the return value of the external contract call in the BridgeRouterFacet.withdraw function. Specifically, on line 112, the contract calls the withdraw function of the IBridge interface without checking its return value.In the IBridge contract returns a uint256

Impact

It could potentially lead to logical errors in the contract. The contract might operate under the assumption that the full zethAmount was withdrawn, while in reality, a different amount might have been withdrawn due to fees or other factors.

Tools Used

Manual Review

Recommendations

To fix this issue, you could modify the BridgeRouterFacet.withdraw function to handle the return value of the withdraw function. For example:

uint256 actualWithdrawn = IBridge(bridge).withdraw(msg.sender, ethAmount);
// handle actualWithdrawn as needed
This way, you can ensure that the contract correctly handles the actual amount withdrawn.