The stETH wrapper token is poorly implemented, which opens the system up to a number of attacks.
The mint function in the wstETH contract allows any address to mint an unlimited number of tokens, as shown below.
The contract also implements a wrap function to convert stETH to wstETH, but it offers no unwrap function for converting wrapped tokens back to the underlying token.
Users can mint any amount of tokens at will, and it is impossible to get one's deposited tokens back from the wrapper contract.
Manual Review
Consider implementing an unwrap function for converting wstETH to stETH, and add proper guards and validation to the wstETH mint function.
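One way the recommendation could look, as an added sketch that is not the audited contract's code: minting is reachable only through `wrap` after the underlying token has been received, and `unwrap` burns before paying out. The contract name `GuardedWrapper`, the token name and symbol, and the 1:1 rate are assumptions for illustration; a rebasing underlying such as stETH would need share-based conversion instead of 1:1.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import {ERC20} from "@openzeppelin/contracts/token/ERC20/ERC20.sol";
import {IERC20} from "@openzeppelin/contracts/token/ERC20/IERC20.sol";
import {SafeERC20} from "@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol";

// Hypothetical wrapper: no external mint entry point exists at all.
contract GuardedWrapper is ERC20 {
    using SafeERC20 for IERC20;

    // Token being wrapped (stETH in the finding above).
    IERC20 public immutable underlying;

    error ZeroAmount();

    constructor(IERC20 underlying_) ERC20("Wrapped token (example)", "wEX") {
        underlying = underlying_;
    }

    // Pull the underlying first, then mint only what actually arrived.
    // Measuring the balance delta covers tokens that round on transfer.
    function wrap(uint256 amount) external returns (uint256 minted) {
        if (amount == 0) revert ZeroAmount();
        uint256 balanceBefore = underlying.balanceOf(address(this));
        underlying.safeTransferFrom(msg.sender, address(this), amount);
        minted = underlying.balanceOf(address(this)) - balanceBefore;
        if (minted == 0) revert ZeroAmount();
        _mint(msg.sender, minted); // internal: callable only from this contract
    }

    // Burn the caller's wrapped tokens before releasing the underlying.
    // _burn reverts if the caller holds fewer than `amount` wrapped tokens.
    function unwrap(uint256 amount) external {
        if (amount == 0) revert ZeroAmount();
        _burn(msg.sender, amount);
        underlying.safeTransfer(msg.sender, amount);
    }
}
```

With this shape, the wrapped supply cannot exceed the underlying balance the contract received through `wrap`, which is the invariant the unguarded mint breaks.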