The Standard
DeFi, Hardhat
20,000 USDC
Submission Details
Severity: low
Invalid

SmartVaultManagerV5: setWethAddress without taking the old balance out of it

Summary

First, I don't think the WETH contract address is going to change; even if it changes and we call this function, we should move our balance from the old address to the new one.

Vulnerability Details

Case 1: We change the WETH address but don't move our balance from the old address, so first we have to move our balance to the new contract and then allow the address to be changed.

Case 2: If we just change the address without transferring the balance, functions like `executeERC20SwapAndFee:SmartVaultV3` get affected and will not work as expected.

```solidity
// executeERC20SwapAndFee:SmartVaultV3
// ...
IWETH weth = IWETH(ISmartVaultManagerV3(manager).weth());
```

Impact

It will make the system unavailable and may fail a few transactions, wasting gas fees.

Tools Used

Manual Review

Recommendations

When calling the function, also call the ERC20 transfer function and move the balance from the old contract to the new one, in one transaction.

Updates

Lead Judging Commences

hrishibhat Lead Judge almost 2 years ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
Assigned finding tags:

informational/invalid
