receive function #94
Labels
1 (Low Risk)
Assets are not at risk. State handling, function incorrect as to spec, issues with comments
bug
Something isn't working
sponsor confirmed
Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity")
Handle
pauliax
Vulnerability details
Impact
Slingshot contract does not need a 'receive' function as it is not supposed to receive ETH directly. Executioner has this function too and it needs to receive ETH from the WETH contract. Because it expects only WETH to send the native asset directly, it should check that the msg.sender is actually the WETH contract.
Recommended Mitigation Steps
receive() external payable {
    require(msg.sender == wrappedNativeToken, "...");
}
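An added sketch, not part of the original issue or the Slingshot code base, showing the recommended guard next to the unwrap path that needs it. The contract name `ExecutionerSketch`, the `owner` check, the `unwrapAndSend` helper and the WETH9-style interface are assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Assumed WETH9-style interface; the issue only names "the WETH contract".
interface IWrappedNative {
    // Burns the caller's wrapped balance and sends native ETH back to msg.sender.
    function withdraw(uint256 amount) external;
}

// Hypothetical stand-in for Executioner, reduced to its ETH-receiving path.
contract ExecutionerSketch {
    // immutable: the value is read from bytecode, so receive() does no storage read.
    address public immutable wrappedNativeToken;
    address public immutable owner; // hypothetical access control for the helper below

    constructor(address _wrappedNativeToken) {
        require(_wrappedNativeToken != address(0), "zero WETH address");
        wrappedNativeToken = _wrappedNativeToken;
        owner = msg.sender;
    }

    // Only the unwrap callback may deliver ETH. Any other direct transfer
    // reverts, so ETH sent here by mistake is returned to the sender.
    // This does not stop forced sends (e.g. selfdestruct), so contract logic
    // must not assume address(this).balance equals the unwrapped amounts.
    receive() external payable {
        require(msg.sender == wrappedNativeToken, "only WETH may send ETH");
    }

    // Hypothetical helper: unwrap WETH held by this contract and forward the ETH.
    function unwrapAndSend(uint256 amount, address payable to) external {
        require(msg.sender == owner, "not owner");
        uint256 balanceBefore = address(this).balance;
        // withdraw() calls back into receive() with msg.sender == wrappedNativeToken.
        IWrappedNative(wrappedNativeToken).withdraw(amount);
        require(address(this).balance - balanceBefore == amount, "unexpected unwrap amount");
        (bool ok, ) = to.call{value: amount}("");
        require(ok, "ETH transfer failed");
    }
}

// A contract that declares neither receive() nor a payable fallback(), as the
// issue proposes for Slingshot, rejects plain ETH transfers automatically.
```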