Submission Details
Severity:
LibWeth.sol incorrectly assumes WETH address is the same on L2s
Summary
Currently WETH address is hardcoded:
address constant WETH = 0xC02aaA39b223FE8D0A0e5C4F27eAD9083C756Cc2;
However this belongs to WETH only on Mainnet, this address is empty on other networks such as Arbitrum, Optimism, Polygon.
Impact
TokenFacet.wrapEth() and TokenFacet.unwrapEth() functions will not work. It means TractorFacet cannot be used to convert ETH into WETH inside batch.
Tools Used
Manual Review
Recommendations
Configure WETH address during deployment instead of hardcoding.
Updates
Lead Judging Commences
inallhonesty about 1 year ago
Submission Judgement Published Reason: Design choice
Assigned finding tags:
Hardcoded WETH/WSTETH/USDC/USDT won't be the same on L2's
Appeal created
inallhonesty 12 months ago
Submission Judgement Published Assigned finding tags:
Hardcoded WETH/WSTETH/USDC/USDT won't be the same on L2's
Prize pool breakdown
Total prize
250,000 USDC
nSLOC
12,28520 USDC / LOC
220,000 USDC
10,000 USDC
20,000 USDC
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.