100,000 USDC
Submission Details
Severity: low
Invalid

Functions that send Ether to arbitrary destinations

Summary

Unprotected call to a function sending Ether to an arbitrary address.

Vulnerability Details

File: contracts/pipeline/junctions/UnwrapAndSendETH.sol
/// @audit ******************* Issue Detail *******************
UnwrapAndSendETH.unwrapAndSendETH(address) (contracts/pipeline/junctions/UnwrapAndSendETH.sol#27-35) sends eth to arbitrary user
Dangerous calls:
- (success) = to.call{value: address(this).balance}(new bytes(0)) (contracts/pipeline/junctions/UnwrapAndSendETH.sol#31-33)
/// @audit ************** Possible Issue Line(s) **************
L#31-33
/// @audit ****************** Affected Code *******************
27: function unwrapAndSendETH(address to) external {
28:     uint256 wethBalance = IWETH(WETH).balanceOf(address(this));
29:     require(wethBalance > 0, "Insufficient WETH");
30:     IWETH(WETH).withdraw(wethBalance);
31:     (bool success, ) = to.call{value: address(this).balance}(
32:         new bytes(0)
33:     );
34:     require(success, "Eth transfer Failed.");
35: }

Impact

Sending funds to any address without a check may result in loss of funds.

Tools Used

Manual Aided Review

Recommendations

Ensure that an arbitrary user cannot withdraw unauthorized funds.
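
One way the recommendation above could look in code, as an added example that is not part of the submission or of the audited project. The contract name, the `authorizedCaller` address, the constructor, the custom errors and the `receive()` guard are assumptions made for illustration; only `unwrapAndSendETH`, `WETH` and `IWETH` come from the affected code.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.17;

// Added illustration, not the audited contract. Every name other than
// unwrapAndSendETH, WETH and IWETH is hypothetical.
interface IWETH {
    function balanceOf(address account) external view returns (uint256);
    function withdraw(uint256 amount) external;
}

contract RestrictedUnwrapAndSendETH {
    address public immutable WETH;
    // Assumption: one account or contract is allowed to trigger payouts.
    address public immutable authorizedCaller;

    error NotAuthorized(address caller);
    error ZeroRecipient();

    constructor(address weth, address caller) {
        require(weth != address(0) && caller != address(0), "Zero address");
        WETH = weth;
        authorizedCaller = caller;
    }

    // Accept ETH only from the WETH contract, which sends it during withdraw().
    receive() external payable {
        require(msg.sender == WETH, "Only WETH");
    }

    function unwrapAndSendETH(address to) external {
        // The check that lines 27-35 of the affected code do not have:
        // only the authorized caller may choose the recipient.
        if (msg.sender != authorizedCaller) revert NotAuthorized(msg.sender);
        if (to == address(0)) revert ZeroRecipient();

        uint256 wethBalance = IWETH(WETH).balanceOf(address(this));
        require(wethBalance > 0, "Insufficient WETH");
        IWETH(WETH).withdraw(wethBalance);

        // Same transfer as the affected code: forward the whole ETH balance
        // and revert if the recipient rejects it.
        (bool success, ) = to.call{value: address(this).balance}(new bytes(0));
        require(success, "Eth transfer Failed.");
    }
}
```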

Updates

Lead Judging Commences

giovannidisiena Lead Judge over 1 year ago
Submission Judgement Published
Invalidated
Reason: Design choice
Assigned finding tags:

Pipeline access control
