THORChain_Router::batchTransferOutAndCallV5 function uses msg.value in a loop which makes the function unusable for batch transfers of ETH
#77
Labels
2 (Med Risk): Assets not at direct risk, but function/availability of the protocol could be impacted or leak value
bug: Something isn't working
duplicate-44
🤖_26_group: AI based duplicate group recommendation
satisfactory: satisfies C4 submission criteria; eligible for awards
sufficient quality report: This report is of sufficient quality
Lines of code
https://github.com/code-423n4/2024-06-thorchain/blob/e3fd3c75ff994dce50d6eb66eb290d467bd494f5/ethereum/contracts/THORChain_Router.sol#L309-L311
Vulnerability details
Impact
This error makes the THORChain_Router::batchTransferOutAndCallV5 function unusable for batch swapping ETH, because the full ETH value will be forwarded and depleted with the first transaction causing a revert. This breaks an important functionality for more efficient swaps of large amounts of assets.
Tools Used
Slither
Recommended Mitigation Steps
The fromAmount property on the THORChain_Router::TransferOutAndCallData should be used as the value to send when calling the swapOutV5 function, and the THORChain_Router::batchTransferOutAndCallV5 should keep track of whether the msg.value has been depleted on each loop iteration and revert if so.
Assessed type
ETH-Transfer
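
The following added example (not the THORChain router source) places the msg.value-in-a-loop pattern beside a version that applies the recommended mitigation. The contract name, the Call struct and its target and payload fields are hypothetical; only fromAmount is a name taken from the report.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added illustration; a simplified stand-in, not the THORChain router code.
contract BatchEthForwarder {
    // Hypothetical struct; only fromAmount mirrors a name used in the report.
    struct Call {
        address payable target;
        uint256 fromAmount; // ETH intended for this entry
        bytes payload;
    }

    // Pattern from the report: every iteration forwards the full msg.value.
    // Entry 0 drains the ETH sent with the transaction, so entry 1 fails
    // unless the contract holds other ETH that it should not be spending.
    function batchVulnerable(Call[] calldata calls) external payable {
        for (uint256 i = 0; i < calls.length; i++) {
            (bool ok, ) = calls[i].target.call{value: msg.value}(calls[i].payload);
            require(ok, "call failed");
        }
    }

    // Mitigation from the report: send each entry's fromAmount and keep a
    // running budget so the batch can never spend more than msg.value.
    function batchFixed(Call[] calldata calls) external payable {
        uint256 remaining = msg.value;
        for (uint256 i = 0; i < calls.length; i++) {
            uint256 amount = calls[i].fromAmount;
            require(amount <= remaining, "msg.value depleted");
            remaining -= amount;
            (bool ok, ) = calls[i].target.call{value: amount}(calls[i].payload);
            require(ok, "call failed");
        }
        // Extra check, not part of the report: reject over-funded batches
        // so no ETH is left stranded in the contract.
        require(remaining == 0, "unspent ETH");
    }
}
```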