# 28779 - \[SC - Insight] Missing sender address check in receive may lea...

Submitted on Feb 26th 2024 at 21:58:19 UTC by @djxploit for [Boost | Puffer Finance](https://immunefi.com/bounty/pufferfinance-boost/)

Report ID: #28779

Report type: Smart Contract

Report severity: Insight

Target: <https://etherscan.io/address/0xd9a442856c234a39a81a089c06451ebaa4306a72>

Impacts:

* Permanent freezing of funds

## Description

## Brief/Intro

The `receive()` function of the `PufferVault.sol` contract is meant to receive Ether only from Lido (the ETH returned when a Lido withdrawal is claimed). Any other Ether sent to the contract, for example by accident, will be locked there permanently, because the function does not attribute it to the sender and there is no way to recover it.

## Vulnerability Details

As the Proof of Concept shows, `receive()` accepts ETH from any `msg.sender`. It decrements `$.lidoLockedETH` only when the `$.isLidoWithdrawal` flag is set and otherwise silently keeps whatever ETH arrives. Add a check in `receive()` of `PufferVault.sol` so that the only address allowed to send ETH to `receive()` is the Lido contract that pays out claimed withdrawals.

This prevents stray Ether from being sent to the contract accidentally and becoming locked.

## Impact Details

Ether will be permanently locked in the PufferVault contract if it is sent from an address other than the Lido contract. Furthermore, it will also distort the accounting of the `totalAssets()` function, which depends on the contract's Ether balance.

## References

<https://etherscan.io/address/0xd9a442856c234a39a81a089c06451ebaa4306a72?utm_source=immunefi>

## Proof of Concept

The `receive()` function of the PufferVault contract as deployed:

```
    // Accepts ETH from any sender. Only a Lido withdrawal claim (flag set by the
    // claim path) adjusts lidoLockedETH; ETH from anyone else is kept without
    // any bookkeeping.
    receive() external payable virtual {
        VaultStorage storage $ = _getPufferVaultStorage();
        if ($.isLidoWithdrawal) {
            $.lidoLockedETH -= msg.value;
        }
    }
```

We can fix it by gating `receive()`. The version below reverts on any ETH that arrives while `isLidoWithdrawal` is not set. Strictly speaking this is a flag check rather than a sender check; a full sender check would additionally compare `msg.sender` against the address of the Lido withdrawal contract. Note that neither check stops ETH that is forced into the contract by `selfdestruct` or credited directly by the protocol (validator withdrawals), since those transfers never execute `receive()`.

```
    receive() external payable virtual {
        VaultStorage storage $ = _getPufferVaultStorage();
        // Reject ETH outside of a Lido withdrawal claim instead of silently keeping it.
        require($.isLidoWithdrawal, "Not allowed");
        // Solidity 0.8 checked arithmetic reverts if more ETH arrives than was locked.
        $.lidoLockedETH -= msg.value;
    }
```
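To make the recommendation concrete, below is an added example (not Puffer Finance's code and not the deployed `PufferVault`) of a minimal vault whose `receive()` enforces both the sender and the flag, together with a Foundry test that exercises the three cases: a stray transfer from an EOA, a legitimate claim from the whitelisted queue, and a transfer from the queue outside of a claim. `GuardedVault`, `MockLidoQueue`, `claimFromLido`, `payOut` and the `forge-std/Test.sol` import are assumptions made for the example; the real vault keeps `isLidoWithdrawal` and `lidoLockedETH` in namespaced storage and talks to Lido's actual withdrawal queue.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import {Test} from "forge-std/Test.sol";

/// Hypothetical stand-in for the Lido withdrawal queue: the only contract that
/// is allowed to push ETH into the vault. Not Lido's code.
contract MockLidoQueue {
    function payOut(address payable vault, uint256 amount) external {
        (bool ok, bytes memory data) = vault.call{value: amount}("");
        // Bubble up the vault's revert data so tests can match the custom error.
        if (!ok) {
            assembly { revert(add(data, 32), mload(data)) }
        }
    }
    receive() external payable {}
}

/// Hypothetical minimal vault showing a sender-and-flag gated receive().
contract GuardedVault {
    error UnauthorizedSender(address sender);
    error NotInLidoWithdrawal();

    address public immutable LIDO_QUEUE;
    bool public isLidoWithdrawal;
    uint256 public lidoLockedETH;

    constructor(address lidoQueue) { LIDO_QUEUE = lidoQueue; }

    /// Simulated claim flow: the flag is true only while the vault expects ETH
    /// back from the queue, and is cleared before returning.
    function claimFromLido(uint256 amount) external {
        lidoLockedETH += amount;           // ETH we expect the queue to return
        isLidoWithdrawal = true;
        MockLidoQueue(payable(LIDO_QUEUE)).payOut(payable(address(this)), amount);
        isLidoWithdrawal = false;
    }

    receive() external payable {
        // Sender check: only the Lido queue may push ETH in.
        if (msg.sender != LIDO_QUEUE) revert UnauthorizedSender(msg.sender);
        // Flag check: even the queue may only pay during an active claim.
        if (!isLidoWithdrawal) revert NotInLidoWithdrawal();
        lidoLockedETH -= msg.value;        // checked arithmetic: reverts on underflow
    }
}

contract GuardedVaultTest is Test {
    MockLidoQueue queue;
    GuardedVault vault;

    function setUp() public {
        queue = new MockLidoQueue();
        vault = new GuardedVault(address(queue));
        vm.deal(address(queue), 10 ether);   // constructed test balance
    }

    /// A plain transfer from an unrelated account must be rejected, not kept.
    function testStrayTransferIsRejected() public {
        address alice = makeAddr("alice");
        vm.deal(alice, 1 ether);
        vm.prank(alice);
        (bool ok, ) = address(vault).call{value: 1 ether}("");
        assertFalse(ok);
        assertEq(address(vault).balance, 0);
    }

    /// ETH returned by the queue during a claim is accepted and accounted for.
    function testLidoClaimIsAccepted() public {
        vault.claimFromLido(2 ether);
        assertEq(address(vault).balance, 2 ether);
        assertEq(vault.lidoLockedETH(), 0);
        assertFalse(vault.isLidoWithdrawal());
    }

    /// Even the whitelisted queue cannot push ETH outside of a claim.
    function testQueueCannotPushOutsideClaim() public {
        vm.expectRevert(GuardedVault.NotInLidoWithdrawal.selector);
        queue.payOut(payable(address(vault)), 1 ether);
    }
}
```

Run with `forge test` in a project that has forge-std installed. The `UnauthorizedSender` check is evaluated first, so an EOA is rejected before the flag is consulted; the flag check then narrows the window in which even the trusted queue can credit the vault, which is the property the report's suggested `require` enforces on its own.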


