DittoETH

Ditto
DeFi, Foundry, Oracle
55,000 USDC
Submission Details
Severity: high
Invalid

Lack of Error Handling in depositEth() Function

Description:

In the BridgeSteth smart contract, there is a critical issue in the depositEth() function, which lacks proper error handling. The function does not check the return value of the steth.submit{value: msg.value}(address(0)); call, which means that if the submit() function fails, the depositEth() function will still return a non-zero value, indicating a successful deposit when the user's ETH may not have been successfully converted to stETH.

Impact:

The impact of this issue can be significant:

  • Misleading Information: Users may receive a non-zero return value from the depositEth() function, even if their ETH was not successfully converted to stETH. This can mislead users into believing that their deposit was successful when it wasn't, leading to a loss of funds.

  • Loss of User Funds: If the submit() function fails for any reason (e.g., due to a smart contract vulnerability, network issues, or incorrect usage), users could lose their deposited ETH without receiving the intended stETH in return.

  • Reduced Trust: Such behavior can erode trust in the contract and the associated protocol, as users may become wary of depositing ETH into a system that doesn't properly handle potential errors.

Proof of Concept:

To demonstrate the issue, consider the following hypothetical scenario:

  • A user calls depositEth() with 1 ETH.

  • The steth.submit{value: msg.value}(address(0)); call fails due to an unexpected issue, but the function continues execution.

  • The function returns a non-zero value, indicating a successful deposit.

  • In this scenario, the user would receive a non-zero value as a return, falsely believing their deposit was successful, when in reality, they didn't receive the stETH they expected.

Recommendation:

Implement proper error handling after the steth.submit{value: msg.value}(address(0)); call to check whether the submission was successful or not. If it fails, revert the transaction to prevent the user from receiving a non-zero value when the deposit fails.

Updates

Lead Judging Commences

0xnevi Lead Judge
over 1 year ago
0xnevi Lead Judge over 1 year ago
Submission Judgement Published
Invalidated
Reason: Other
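
For reference, an added example (not part of the submission, the judging, or DittoETH's code): in Solidity, a high-level external call such as steth.submit{value: msg.value}(address(0)) reverts the calling function when the callee reverts, whereas a low-level call returns a success flag that has to be checked. RevertingSteth, BridgeSketch and their function names are hypothetical, and ISteth is a constructed stand-in that declares only submit().

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.21;

// Constructed stand-in for the stETH interface; only submit() is declared.
interface ISteth {
    function submit(address referral) external payable returns (uint256);
}

// Hypothetical mock whose submit() always fails.
contract RevertingSteth is ISteth {
    function submit(address) external payable returns (uint256) {
        revert("SUBMIT_FAILED");
    }
}

// Hypothetical bridge, written only to compare the two call styles.
contract BridgeSketch {
    ISteth public immutable steth;

    constructor(ISteth _steth) {
        steth = _steth;
    }

    // High-level call, the form quoted in the submission. If submit()
    // reverts, the revert bubbles up: this function never reaches its
    // return statement and the whole transaction, including the ETH
    // transfer, is rolled back.
    function depositHighLevel() external payable returns (uint256) {
        steth.submit{value: msg.value}(address(0));
        return msg.value;
    }

    // Low-level call: a failing callee is reported as ok == false rather
    // than as a revert. Without the require below, this function would
    // return a non-zero value after a failed submit().
    function depositLowLevel() external payable returns (uint256) {
        (bool ok, ) = address(steth).call{value: msg.value}(
            abi.encodeCall(ISteth.submit, (address(0)))
        );
        require(ok, "submit failed");
        return msg.value;
    }
}
```

Deployed against RevertingSteth, both functions revert: depositHighLevel() because the callee's revert propagates, depositLowLevel() because of the explicit require.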
