DeFiHardhatOracleProxyUpdates
100,000 USDC
View results
Submission Details
Severity: low
Invalid

Native ETH sent to `UnripeFacet.sol` will be stucked

Summary

In UnripeFacet.sol, multiple functions contain payable keyword which indicates that native ethers can be sent along the call. Those functions are:

  • UnripeFacet.sol::chop

  • UnripeFacet.sol::pick

  • UnripeFacet.sol::addUnripeToken

  • UnripeFacet.sol::addMigratedUnderlying

  • UnripeFacet.sol::switchUnderlyingToken

Vulnerability Details

However, these functions doesn't expect to handle ethers and protocol users accidentally send native ethers to these functions, their ethers will be stucked in the contract forever.

Impact

Native ethers send along with these functions will be lost forever.

Tools Used

Manual Analysis

Recommendations

Remove payable keyword if native ether is not expected for the mentioned functions or add checks require(msg.value == 0, "native ethers doesn't accept here."); .

Updates

Lead Judging Commences

floopthepig Lead Judge about 1 year ago
Submission Judgement Published
Invalidated
Reason: Known issue
Assigned finding tags:

Stuck funds

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.