Summary

The UnwrapAndSendETH contract is designed to unwrap WETH (Wrapped Ether) and send the equivalent amount of ETH to a specified address. However, it contains a vulnerability that allows an attacker to withdraw ETH to arbitrary destinations.

Vulnerability Details

In the unwrapAndSendETH function, the contract checks the WETH balance and then proceeds to withdraw and transfer the entire balance to the specified address (to) using the call function. The use of call without proper access controls or checks allows any user to invoke this function and receive Ether, potentially leading to unauthorized fund transfers.

(contracts/pipeline/junctions/UnwrapAndSendETH.sol#27-35)

Impact

This vulnerability poses a severe risk as it allows arbitrary users to drain the Ether balance of the contract. Malicious actors can exploit this vulnerability to perform unauthorized fund transfers, leading to financial losses for the contract owner and users relying on the proper functioning of the contract.

Tools Used

The vulnerability was identified using the Slither static analysis tool, specifically leveraging the "functions-that-send-ether-to-arbitrary-destinations" detector. Slither highlighted the potential risk associated with the use of the call function in the specified contract.

Recommendations

To mitigate this vulnerability, it is recommended to implement proper access controls in the unwrapAndSendETH function. Consider incorporating a permission system or requiring specific authorization from designated addresses before allowing the transfer of Ether.