Whenever someone sends ETH or wETH to the UnwrapAndSendETH contract, anyone can transfer the funds to themselves.
Because UnwrapAndSendETH::unwrapAndSendETH has no access control, any ETH or wETH sent to the contract can be transferred by anyone, to anyone, which leaves the contract drained.
The gist shows an exploit: when ETH and wETH are transferred to the contract, the vulnerable method unwrapAndSendETH drains the contract and sends the funds to the attacker.
https://gist.github.com/JordyKingz/89fb701bcf7f4f62ac2ba603d06d9e37
Foundry
The gist also contains a FixedUnwrapAndSendETH, which implements access control so that only the owner of the contract can call the function; if anyone else calls it, the function reverts.
https://gist.github.com/JordyKingz/89fb701bcf7f4f62ac2ba603d06d9e37
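The owner-only mitigation described above, as an added sketch that is not the gist's FixedUnwrapAndSendETH or the project's code. The contract name, the IWETH interface, the custom errors and the choice to set the owner at deployment are assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Minimal WETH interface (assumed: the standard WETH9 balanceOf/withdraw).
interface IWETH {
    function balanceOf(address account) external view returns (uint256);
    function withdraw(uint256 amount) external;
}

// Hypothetical owner-gated variant of an unwrap-and-send helper.
contract OwnedUnwrapAndSendETH {
    address public immutable owner; // assumption: owner is the deployer
    IWETH public immutable weth;

    error NotOwner(address caller);
    error NothingToSend();
    error EthTransferFailed();

    constructor(address wethAddress) {
        owner = msg.sender;
        weth = IWETH(wethAddress);
    }

    // Required so that WETH.withdraw() can pay ETH back into this contract.
    receive() external payable {}

    // The check the finding reports as missing: without it, any caller
    // chooses `to` and receives whatever balance the contract holds.
    modifier onlyOwner() {
        if (msg.sender != owner) revert NotOwner(msg.sender);
        _;
    }

    function unwrapAndSendETH(address to) external onlyOwner {
        // Unwrap any wETH held, then forward the full ETH balance.
        uint256 wethBalance = weth.balanceOf(address(this));
        if (wethBalance > 0) weth.withdraw(wethBalance);

        uint256 amount = address(this).balance;
        if (amount == 0) revert NothingToSend();

        // Check the low-level call result so a failed send reverts.
        (bool ok, ) = to.call{value: amount}("");
        if (!ok) revert EthTransferFailed();
    }
}
```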