Platform: Code4rena
Start Date: 13/05/2022
Pot Size: $30,000 USDC
Total HM: 8
Participants: 65
Period: 3 days
Judge: hickuphh3
Total Solo HM: 1
Id: 125
League: ETH
Rank: 63/65
Findings: 1
Award: $14.84
Selected for report: 0
Solo Findings: 0
Selected for report: pedroais
Also found by: 0x4non, 0x52, 0xf15ers, 0xliumin, CertoraInc, Dravee, GimelSec, IllIllI, MaratCerby, StErMi, TerrierLover, WatchPug, berndartmueller, cccz, dipp, fatherOfBlocks, hake, hickuphh3, hyh, isamjay, mtz, oyc_109, p4st13r4, peritoflores, rotcivegaf, saian, simon135, sorrynotsorry, sseefried, tabish, z3s
14.8433 USDC - $14.84
A send of ether is done on LidoVault.sol:140. It is immediately followed by a return statement which will cause the function to return without checking the sent value on line 142. Line 142 is dead code.
The impact is that the _to address might not receive the ether yet the contract will not (correctly) revert.
See lines 140-142
Manual inspection
Place the return statement following the require statement.
(bool sent, bytes memory data) = address(_to).call{value: receivedETHAmount}('');
require(sent, Errors.VT_COLLATERAL_WITHDRAW_INVALID);
return receivedETHAmount;
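The ordering problem described in the finding above, as an added example that is not part of the original submission or of the Sturdy code base. The contract and function names are hypothetical, and a plain revert string stands in for Errors.VT_COLLATERAL_WITHDRAW_INVALID.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Constructed illustration. Contract and function names are hypothetical,
// and the revert string stands in for Errors.VT_COLLATERAL_WITHDRAW_INVALID.

// Recipient that refuses plain ether transfers, so the low-level call
// returns sent == false instead of reverting the caller.
contract RejectingRecipient {
    receive() external payable {
        revert("no ether accepted");
    }
}

contract WithdrawOrdering {
    // Lets a test fund this contract.
    receive() external payable {}

    // Ordering the finding describes: return comes before the check, so the
    // require is unreachable (solc warns "Unreachable code") and the call
    // reports success to its caller even though no ether moved.
    function withdrawReturnFirst(address _to, uint256 amount) external returns (uint256) {
        (bool sent, ) = _to.call{value: amount}("");
        return amount;
        require(sent, "VT_COLLATERAL_WITHDRAW_INVALID"); // dead code
    }

    // Ordering the finding recommends: check the call result, then return.
    // A failed send now reverts the whole transaction.
    function withdrawCheckFirst(address _to, uint256 amount) external returns (uint256) {
        (bool sent, ) = _to.call{value: amount}("");
        require(sent, "VT_COLLATERAL_WITHDRAW_INVALID");
        return amount;
    }
}
```

With a RejectingRecipient as _to, withdrawReturnFirst returns amount while the contract's balance is unchanged, and withdrawCheckFirst reverts.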
#0 - sforman2000
2022-05-18T01:33:46Z
Duplicate of https://github.com/code-423n4/2022-05-sturdy-findings/issues/157 (high risk)