InfinityStaker: The rescueETH function cannot rescue any ETH accidentally sent to the contract #23
Labels
3 (High Risk): Assets can be stolen/lost/compromised directly
bug: Something isn't working
duplicate: This issue or pull request already exists
sponsor confirmed: Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity")
Lines of code
https://github.com/code-423n4/2022-06-infinity/blob/765376fa238bbccd8b1e2e12897c91098c7e5ac6/contracts/staking/InfinityStaker.sol#L345-L348
Vulnerability details
Impact
The rescueETH function of the InfinityStaker contract is used to withdraw the ether from the contract, but the value of .call is msg.value instead of this.balance, which prevents the owner from withdrawing the ether from the contract.
Proof of Concept
https://github.com/code-423n4/2022-06-infinity/blob/765376fa238bbccd8b1e2e12897c91098c7e5ac6/contracts/staking/InfinityStaker.sol#L345-L348
Tools Used
None
Recommended Mitigation Steps
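The pattern described under Impact, as an added Solidity sketch that is not the InfinityStaker source and not part of the original report. The contract and function names, the simplified owner check, the `payable` modifier on the first function and the zero-address guard are assumptions; `address(this).balance` is the current Solidity spelling of the report's `this.balance`.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.14;

// Constructed sketch: only the rescue pattern from the report is reproduced.
contract RescueSketch {
    address public immutable owner;

    constructor() { owner = msg.sender; }

    modifier onlyOwner() {
        require(msg.sender == owner, "not owner");
        _;
    }

    // Accepts ETH sent to the contract by mistake.
    receive() external payable {}

    // Reported pattern: the call forwards msg.value, the ETH attached to this
    // very transaction, so the balance already held by the contract stays put.
    function rescueETHForwardsCallValue(address destination) external payable onlyOwner {
        (bool sent, ) = destination.call{value: msg.value}("");
        require(sent, "Failed to send Ether");
    }

    // Corrected pattern: send the contract's own balance. Not payable, since
    // the rescue should move funds out, not take new funds in.
    function rescueETH(address destination) external onlyOwner {
        require(destination != address(0), "zero destination"); // added guard
        (bool sent, ) = destination.call{value: address(this).balance}("");
        require(sent, "Failed to send Ether");
    }
}

// Hypothetical walkthrough: deploys the sketch (becoming its owner), strands
// the attached ETH in it, then reads the balance after each rescue variant.
contract RescueWalkthrough {
    receive() external payable {}

    function run() external payable returns (uint256 afterForward, uint256 afterFixed) {
        RescueSketch s = new RescueSketch();
        (bool ok, ) = address(s).call{value: msg.value}(""); // the accidental transfer
        require(ok, "funding failed");
        s.rescueETHForwardsCallValue(address(this)); // no value attached, nothing leaves
        afterForward = address(s).balance;
        s.rescueETH(address(this));                  // whole balance is returned
        afterFixed = address(s).balance;
    }
}
```

Calling `run()` with some ETH attached returns the sketch's balance after each variant, which makes the difference between forwarding `msg.value` and sending the held balance directly observable.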