Submission Details
Severity:
Incorrect WETH address in L2
Line of code
Summary
Incorrect Weth Address for base L2
Vulnerability Details
The weth address is set to constant meaning it cannot be changed. This is a problem because the weth address (0xC02aaA39b223FE8D0A0e5C4F27eAD9083C756Cc2) provided is the weth address for L1 but the weth address for Base L2 is different.
address constant WETH = 0xC02aaA39b223FE8D0A0e5C4F27eAD9083C756Cc2;
Functions in the library LibWeth such as wrap or unwrap will not work as intended.
Impact
Certain functions will be DOSed because of the incorrect address of weth when in context of base L2
Tools Used
manual review
Recommendations
Set the correct weth address for base L2
address constant WETH = 0x4200000000000000000000000000000000000006;
Updates
Lead Judging Commences
inallhonesty about 1 year ago
Submission Judgement Published Reason: Design choice
Assigned finding tags:
Hardcoded WETH/WSTETH/USDC/USDT won't be the same on L2's
Appeal created
asefewwexa
about 1 year ago
inallhonesty
about 1 year ago
inallhonesty about 1 year ago
Submission Judgement Published Assigned finding tags:
Hardcoded WETH/WSTETH/USDC/USDT won't be the same on L2's
Prize pool breakdown
Total prize
250,000 USDC
nSLOC
12,28520 USDC / LOC
220,000 USDC
10,000 USDC
20,000 USDC
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.