Platform: Code4rena
Start Date: 13/05/2022
Pot Size: $30,000 USDC
Total HM: 8
Participants: 65
Period: 3 days
Judge: hickuphh3
Total Solo HM: 1
Id: 125
League: ETH
Rank: 18/65
Findings: 1
Award: $283.56
🌟 Selected for report: 0
🚀 Solo Findings: 0
🌟 Selected for report: rotcivegaf
Also found by: AuditsAreUS, MaratCerby, StErMi, berndartmueller, cccz, dipp
https://github.com/code-423n4/2022-05-sturdy/blob/main/smart-contracts/GeneralVault.sol#L75
https://github.com/code-423n4/2022-05-sturdy/blob/78f51a7a74ebe8adfd055bdbaedfddc05632566f/smart-contracts/ConvexCurveLPVault.sol#L131-L149
The function depositCollateral() in GeneralVault.sol is payable. This needs to be payable for the case in LidoVault where _depositToYieldPool() expects ETH to be transferred.
However, for ConvexCurveLPVault.sol, and for the case when LidoVault is not using ETH as an asset, it is still possible for msg.value to be greater than 0. If this is the case, any ETH value attached to the transaction will be stuck in the contract.
The function depositCollateral() is payable:

```solidity
function depositCollateral(address _asset, uint256 _amount) external payable virtual {
    // Deposit asset to vault and receive stAsset
    // Ex: if user deposit 100ETH, this will deposit 100ETH to Lido and receive 100stETH TODO No Lido
    (address _stAsset, uint256 _stAssetAmount) = _depositToYieldPool(_asset, _amount);
```
Consider adding checks to _depositToYieldPool() in ConvexCurveLPVault.sol to require msg.value == 0.
Also add checks to _depositToYieldPool() in LidoVault.sol for the case when asset != address(0) to require msg.value == 0.
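The two recommended checks, sketched as an added example (not code from the Sturdy repository or from the report's author). All names ending in Sketch are hypothetical, and requiring msg.value == _amount on the ETH path is an assumption.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Hypothetical minimal token interface, used only for this illustration.
interface IERC20Sketch {
    function transferFrom(address from, address to, uint256 amount) external returns (bool);
}

abstract contract GeneralVaultSketch {
    // Payable so that an ETH-accepting vault can receive msg.value through this entry point.
    function depositCollateral(address _asset, uint256 _amount) external payable virtual {
        _depositToYieldPool(_asset, _amount);
    }

    function _depositToYieldPool(address _asset, uint256 _amount) internal virtual;
}

// Token-only vault (the ConvexCurveLPVault case): no deposit path uses ETH.
contract TokenOnlyVaultSketch is GeneralVaultSketch {
    address public immutable collateral;
    constructor(address _collateral) { collateral = _collateral; }

    function _depositToYieldPool(address _asset, uint256 _amount) internal override {
        // An internal call keeps the msg.value of the external depositCollateral() call,
        // so stray ETH can be rejected here instead of being left in the contract.
        require(msg.value == 0, "ETH not accepted");
        require(_asset == collateral, "wrong asset");
        require(IERC20Sketch(_asset).transferFrom(msg.sender, address(this), _amount), "transfer failed");
    }
}

// ETH-or-token vault (the LidoVault case): address(0) selects the ETH path.
contract EthOrTokenVaultSketch is GeneralVaultSketch {
    address public immutable stToken;
    constructor(address _stToken) { stToken = _stToken; }

    function _depositToYieldPool(address _asset, uint256 _amount) internal override {
        if (_asset == address(0)) {
            // Assumption: the attached value must equal the declared amount.
            require(msg.value == _amount, "value != amount");
            // Forwarding the ETH to the staking pool is outside this sketch.
        } else {
            // Token path: ETH sent here would never be used, so reject it.
            require(msg.value == 0, "ETH not accepted with token deposit");
            require(_asset == stToken, "wrong asset");
            require(IERC20Sketch(_asset).transferFrom(msg.sender, address(this), _amount), "transfer failed");
        }
    }
}
```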
#0 - sforman2000
2022-05-18T02:26:27Z