MorpheusAI
MorpheusAI
Foundry
22,500 USDC
View results
Previous Next
Submission Details
Severity: medium
Invalid

`stETH` can be paused, potential revert of all calls using wrap function

0xtheblackpanther

Summary

In the wrap function of the WStETHMock contract, there is an absence of a check for the paused status of the stETH token before executing a transfer. As stETH can be paused, it introduces a vulnerability where all transfers would revert if the wrap function is called during the paused state of stETH.

Vulnerability Details

The wrap function in WStETHMock wraps 1 stETH to 1 wstETH without checking whether stETH is paused. The vulnerable code snippet is as follows:

function wrap(uint256 stETHAmount_) external returns (uint256) {
require(stETHAmount_ > 0, "wstETH: can't wrap zero stETH");
_mint(msg.sender, stETHAmount_);
stETH.transferFrom(msg.sender, address(this), stETHAmount_);
return stETHAmount_;
}

Impact

The impact of this issue is that if the wrap function is called while the stETH token is in a paused state, all transfers will revert, potentially leading to undesired outcomes and confusion for users interacting with the contract.

Recommendations

Add a check for the paused status of stETH before executing transfers in the wrap function. This can be achieved by updating the interface and adding the following check:

require(!stETH.isStopped(), "wstETH: transfer stopped");
Updates

Lead Judging Commences

inallhonesty Lead Judge
almost 2 years ago
inallhonesty Lead Judge almost 2 years ago
Submission Judgement Published
Invalidated
Reason: Too generic

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.