MondrianWallet::_payPrefund does not handle failures when attempting to send ETH to the EntryPoint, potentially allowing malicious activities that could drain its resources.
MondrianWallet::_payPrefund is designed to send the ETH required to cover transaction costs to the EntryPoint, and it currently sends these funds without checking the success of the transaction. It is assumed that the EntryPoint is responsible for ensuring it receives the necessary funds. However, if the transfer fails and this is not checked or logged, the EntryPoint might proceed with transactions without having received the required funds, potentially leading to financial discrepancies or abuse where the EntryPoint incurs costs without compensation.
Malicious actors could potentially exploit this by repeatedly causing transactions that fail to transfer ETH correctly, intentionally draining the EntryPoint's resources. Also, ignoring transfer failures could lead to situations where the EntryPoint executes transactions without receiving the necessary funding, which might result in losses or insufficient fund coverage for transaction fees.
Manual review
Check the success of the ETH transfer and handle failures appropriately:
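The recommendation above, sketched as an added example (not the MondrianWallet source and not code from the original report): a hypothetical `PrefundSketch` contract places the unchecked transfer next to a checked one, and a constructed `RejectingReceiver` stands in for an EntryPoint that cannot accept ETH. All contract, function, error and event names are assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.24;

/// Added illustration only; every name here is hypothetical.
contract PrefundSketch {
    address public immutable entryPoint; // assumed: the only allowed caller and prefund recipient

    error NotEntryPoint(address caller);
    error PrefundTransferFailed(uint256 amount);
    event PrefundPaid(address indexed to, uint256 amount);

    constructor(address _entryPoint) payable {
        entryPoint = _entryPoint;
    }

    modifier onlyEntryPoint() {
        if (msg.sender != entryPoint) revert NotEntryPoint(msg.sender);
        _;
    }

    // Pattern the finding describes: the call result is discarded, so a
    // failed transfer neither reverts nor leaves any trace in the logs.
    function payPrefundUnchecked(uint256 missingAccountFunds) external onlyEntryPoint {
        if (missingAccountFunds != 0) {
            (bool success,) = payable(msg.sender).call{value: missingAccountFunds}("");
            (success); // only silences the unused-variable warning
        }
    }

    // Recommended pattern: revert when the transfer fails, log when it succeeds.
    function payPrefundChecked(uint256 missingAccountFunds) external onlyEntryPoint {
        if (missingAccountFunds == 0) return;
        (bool success,) = payable(msg.sender).call{value: missingAccountFunds}("");
        if (!success) revert PrefundTransferFailed(missingAccountFunds);
        emit PrefundPaid(msg.sender, missingAccountFunds);
    }
}

// Constructed test double: a caller whose receive() always rejects ETH.
contract RejectingReceiver {
    receive() external payable { revert("no ETH accepted"); }

    // checked=false returns normally despite the failed transfer;
    // checked=true reverts with PrefundTransferFailed.
    function pull(PrefundSketch wallet, uint256 amount, bool checked) external {
        if (checked) wallet.payPrefundChecked(amount);
        else wallet.payPrefundUnchecked(amount);
    }
}
```

Deploy `RejectingReceiver` first and pass its address to the `PrefundSketch` constructor with some ETH attached, then call `pull` with each value of `checked` to compare the two outcomes.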