Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

InfinityStaker: The rescueETH function cannot rescue any ETH accidentally sent to the contract #23

Closed
code423n4 opened this issue Jun 15, 2022 · 3 comments
Closed

InfinityStaker: The rescueETH function cannot rescue any ETH accidentally sent to the contract #23

code423n4 opened this issue Jun 15, 2022 · 3 comments
Labels
3 (High Risk) Assets can be stolen/lost/compromised directly bug Something isn't working duplicate This issue or pull request already exists sponsor confirmed Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity")

Comments

@code423n4
Copy link
Contributor

Lines of code

https://github.com/code-423n4/2022-06-infinity/blob/765376fa238bbccd8b1e2e12897c91098c7e5ac6/contracts/staking/InfinityStaker.sol#L345-L348

Vulnerability details

Impact

The rescueETH function of the InfinityStaker contract is used to withdraw the ether from the contract, but the value of .call is msg.value instead of this.balance, which prevents the owner from withdrawing the ether from the contract

Proof of Concept

https://github.com/code-423n4/2022-06-infinity/blob/765376fa238bbccd8b1e2e12897c91098c7e5ac6/contracts/staking/InfinityStaker.sol#L345-L348

Tools Used

None

Recommended Mitigation Steps

function rescueETH(address destination) external payable onlyOwner {
-    (bool sent, ) = destination.call{value: msg.value}(' ');
+   (bool sent, ) = destination.call{value: address(this).balance}('');
      require(sent, 'Failed to send Ether');
}
@code423n4 code423n4 added 3 (High Risk) Assets can be stolen/lost/compromised directly bug Something isn't working labels Jun 15, 2022
code423n4 added a commit that referenced this issue Jun 15, 2022
@code423n4
cccz issue #23
2ab76c7
@nneverlander
Copy link
Collaborator

Duplicate

@nneverlander nneverlander added sponsor confirmed Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity") duplicate This issue or pull request already exists labels Jul 5, 2022
@nneverlander
Copy link
Collaborator

#11

@HardlyDifficult HardlyDifficult added 2 (Med Risk) Assets not at direct risk, but function/availability of the protocol could be impacted or leak value and removed 3 (High Risk) Assets can be stolen/lost/compromised directly labels Jul 9, 2022
@HardlyDifficult
Copy link
Collaborator

HardlyDifficult commented Jul 9, 2022
edited
Loading

Dupe #296

@HardlyDifficult HardlyDifficult added 3 (High Risk) Assets can be stolen/lost/compromised directly and removed 2 (Med Risk) Assets not at direct risk, but function/availability of the protocol could be impacted or leak value labels Jul 18, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
3 (High Risk) Assets can be stolen/lost/compromised directly bug Something isn't working duplicate This issue or pull request already exists sponsor confirmed Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity")
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@nneverlander @HardlyDifficult @code423n4