Platform: Code4rena
Start Date: 13/05/2022
Pot Size: $30,000 USDC
Total HM: 8
Participants: 65
Period: 3 days
Judge: hickuphh3
Total Solo HM: 1
Id: 125
League: ETH
Rank: 64/65
Findings: 1
Award: $14.84
🌟 Selected for report: 0
🚀 Solo Findings: 0
🌟 Selected for report: pedroais
Also found by: 0x4non, 0x52, 0xf15ers, 0xliumin, CertoraInc, Dravee, GimelSec, IllIllI, MaratCerby, StErMi, TerrierLover, WatchPug, berndartmueller, cccz, dipp, fatherOfBlocks, hake, hickuphh3, hyh, isamjay, mtz, oyc_109, p4st13r4, peritoflores, rotcivegaf, saian, simon135, sorrynotsorry, sseefried, tabish, z3s
14.8433 USDC - $14.84
The protocol is supposed to send ETH to the user, but in case of failure, nothing will check it.
The code is:
140 (bool sent, bytes memory data) = address(_to).call{value: receivedETHAmount}('');
141 return receivedETHAmount;
142 require(sent, Errors.VT_COLLATERAL_WITHDRAW_INVALID);
It means that if the call to _to fails and sent==false, there won't be a check of this, because the function will return before.
I recommend switching lines 141 and 142. New code:
140 (bool sent, bytes memory data) = address(_to).call{value: receivedETHAmount}('');
141 require(sent, Errors.VT_COLLATERAL_WITHDRAW_INVALID);
142 return receivedETHAmount;
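The effect of the statement order, as an added example that is not part of the original submission or the project's code: both orderings are run against a recipient that cannot accept ETH. The contract names, function names and the revert string are hypothetical; only the three-statement pattern comes from the lines quoted above.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Added illustration; every contract and function name here is hypothetical.

// A recipient with no receive()/fallback: a plain ETH transfer to it fails.
contract RejectingReceiver {}

contract WithdrawDemo {
    // Fund the demo so there is ETH to send.
    constructor() payable {}

    // Same ordering as the reported lines 140-142: return precedes the check.
    function withdrawUnchecked(address _to, uint256 amount) external returns (uint256) {
        (bool sent, ) = _to.call{value: amount}("");
        return amount;
        require(sent, "withdraw failed"); // unreachable, never evaluated
    }

    // Ordering from the recommendation: check the call result, then return.
    function withdrawChecked(address _to, uint256 amount) external returns (uint256) {
        (bool sent, ) = _to.call{value: amount}("");
        require(sent, "withdraw failed");
        return amount;
    }
}

contract WithdrawDemoTest {
    // Returns: the amount the unchecked variant reports as withdrawn,
    // the ETH the recipient actually holds afterwards, and whether the
    // checked variant reverted for the same recipient.
    function run() external payable returns (uint256, uint256, bool) {
        require(msg.value == 1 ether, "send 1 ether");
        WithdrawDemo demo = new WithdrawDemo{value: msg.value}();
        address to = address(new RejectingReceiver());

        uint256 reported = demo.withdrawUnchecked(to, 1 ether);
        uint256 received = to.balance;

        bool reverted;
        try demo.withdrawChecked(to, 1 ether) returns (uint256) {
            reverted = false;
        } catch {
            reverted = true;
        }
        return (reported, received, reverted);
    }
}
```

Calling `run()` with 1 ether shows the unchecked variant reporting the full amount while the recipient holds nothing, and the checked variant reverting instead.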
#0 - sforman2000
2022-05-18T03:10:33Z