Platform: Code4rena
Start Date: 01/08/2023
Pot Size: $91,500 USDC
Total HM: 14
Participants: 80
Period: 6 days
Judge: gzeon
Total Solo HM: 6
Id: 269
League: ETH
Rank: 80/80
Findings: 1
Award: $12.88
🌟 Selected for report: 0
🚀 Solo Findings: 0
🌟 Selected for report: dd0x7e8
Also found by: Bughunter101, Fulum, Kaysoft, MatricksDeCoder, SanketKogekar, Sathish9098, T1MOH, Udsen, debo, fatherOfBlocks, grearlake, hpsb, j4ld1na, josephdara, parsely, pep7siup, piyushshukla, ravikiranweb3, shirochan
12.8772 USDC - $12.88
https://github.com/code-423n4/2023-08-goodentry/blob/main/contracts/helper/V3Proxy.sol#L156
https://github.com/code-423n4/2023-08-goodentry/blob/main/contracts/helper/V3Proxy.sol#L174
https://github.com/code-423n4/2023-08-goodentry/blob/main/contracts/helper/V3Proxy.sol#L192
User can lose ETH during swap. The following functions do not check whether the ETH was actually transferred to the user:
swapETHForExactTokens
swapTokensForExactETH
swapExactTokensForETH
The above three functions send Ether via a low-level call. call does not revert if it fails; instead it returns a boolean value indicating success or failure. The boolean value is not checked here, so the call can fail silently, and users can potentially lose ETH.
msg.sender.call{value: <AMOUNT>}("");
This call can fail in the following cases:
- msg.sender is a contract without a payable fallback function.
- msg.sender is a contract with a fallback function, but the fallback function reverts or consumes all the available gas.
Tools Used: Manual Review
Use a helper function that safely transfers ETH and checks that the call completed successfully.
library TransferHelper {
    /// @notice Transfers ETH to the recipient address
    /// @dev Fails with `TransferHelper: ETH_TRANSFER_FAILED`
    /// @param to The destination of the transfer
    /// @param value The value to be transferred
    function safeTransferETH(address to, uint value) internal {
        (bool success,) = to.call{value:value}(new bytes(0));
        require(success, 'TransferHelper: ETH_TRANSFER_FAILED');
    }
}

function swapETHForExactTokens(uint amountOut, address[] calldata path, address to, uint deadline) payable external returns (uint[] memory amounts) {
    ...
    if (msg.value > amounts[0]) TransferHelper.safeTransferETH(msg.sender, msg.value - amounts[0]);

function swapTokensForExactETH(uint amountOut, uint amountInMax, address[] calldata path, address to, uint deadline) payable external returns (uint[] memory amounts) {
    ...
    TransferHelper.safeTransferETH(msg.sender, amountOut);

function swapExactTokensForETH(uint amountIn, uint amountOutMin, address[] calldata path, address to, uint deadline) payable external returns (uint[] memory amounts) {
    ...
    TransferHelper.safeTransferETH(msg.sender, amounts[1]);
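As an added example (not part of the original submission or the GoodEntry code), the unchecked-call pattern from the finding beside the recommended TransferHelper version, both driven against a recipient whose receive() reverts; the contract names and the Demo harness are constructed for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

/// Recipient whose receive() reverts (e.g. a smart-contract wallet that
/// rejects plain ETH). Constructed for this example.
contract RejectingReceiver {
    receive() external payable { revert("no ETH accepted"); }
}

/// Vulnerable pattern from the finding: the bool returned by call is dropped,
/// so a failed refund leaves the ETH stuck in this contract without reverting.
contract UncheckedRefunder {
    receive() external payable {}
    function refund(address to, uint256 amount) external {
        to.call{value: amount}("");  // return value ignored: fails silently
    }
}

/// Recommended pattern: check the bool and revert on failure.
library TransferHelper {
    function safeTransferETH(address to, uint256 value) internal {
        (bool success,) = to.call{value: value}(new bytes(0));
        require(success, "TransferHelper: ETH_TRANSFER_FAILED");
    }
}

contract CheckedRefunder {
    receive() external payable {}
    function refund(address to, uint256 amount) external {
        TransferHelper.safeTransferETH(to, amount);
    }
}

/// Drives both refunders against the rejecting recipient. Deploy, then call
/// run() with some ETH: the unchecked refund does not revert while the ETH
/// stays stuck; the checked refund reverts, so the caller can observe it.
contract Demo {
    UncheckedRefunder public uncheckedRefunder = new UncheckedRefunder();
    CheckedRefunder public checkedRefunder = new CheckedRefunder();
    RejectingReceiver public victim = new RejectingReceiver();

    function run() external payable returns (bool uncheckedReverted, bool checkedReverted, uint256 stuck) {
        uint256 half = msg.value / 2;
        payable(address(uncheckedRefunder)).transfer(half);
        payable(address(checkedRefunder)).transfer(half);
        try uncheckedRefunder.refund(address(victim), half) {} catch { uncheckedReverted = true; }
        stuck = address(uncheckedRefunder).balance;  // == half: ETH never reached victim, no revert
        try checkedRefunder.refund(address(victim), half) {} catch { checkedReverted = true; }
    }
}
```

Calling run() with a non-zero msg.value returns (false, true, half): the unchecked path reports no error while half the ETH remains in UncheckedRefunder, whereas the checked path surfaces the failure as a revert.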
Assessed type: Invalid Validation
#0 - c4-pre-sort
2023-08-09T02:06:47Z
141345 marked the issue as duplicate of #481
#1 - c4-pre-sort
2023-08-09T09:26:04Z
141345 marked the issue as duplicate of #83
#2 - c4-judge
2023-08-20T17:11:09Z
gzeon-c4 changed the severity to 2 (Med Risk)
#3 - c4-judge
2023-08-20T17:11:28Z
gzeon-c4 marked the issue as satisfactory