stake.link

DeFi, Hardhat, Bridge
27,500 USDC
Submission Details
Severity: low
Invalid

The owner of `WrappedTokenBridge` can NOT recover the native coin from inside the contract

Summary

The owner of `WrappedTokenBridge` can transfer any ERC20 out of the contract via `recoverTokens()` but can NOT recover the native coin.

Vulnerability Details

There is a function in `WrappedTokenBridge` that allows the owner to transfer ERC20 tokens out of the contract:

```solidity
function recoverTokens(address[] calldata _tokens, address _receiver) external onlyOwner {
    if (_receiver == address(0)) revert InvalidReceiver();
    for (uint256 i = 0; i < _tokens.length; ++i) {
        IERC20 tokenToTransfer = IERC20(_tokens[i]);
        tokenToTransfer.safeTransfer(_receiver, tokenToTransfer.balanceOf(address(this)));
    }
}
```

However, there is no function to transfer native coins out of the contract. For example, on Ethereum, if any amount of ETH is sitting in the contract, the owner can NOT withdraw it.

Impact

Low

Tools Used

Manual review

Recommendations

Add a function that enables the owner to transfer out the native token that is sitting in the contract. This would not impact users, because they can only pay the transfer fees in linkToken.

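```solidity
// Assumes a TransferFailed() custom error is declared alongside InvalidReceiver().
function recoverNative(address _receiver) external onlyOwner {
    if (_receiver == address(0)) revert InvalidReceiver();
    // Send the contract's entire native balance to the receiver.
    (bool success, ) = _receiver.call{value: address(this).balance}("");
    if (!success) revert TransferFailed();
}
```

Updates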

Lead Judging Commences

0kage Lead Judge over 1 year ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
