search
Active Boosts

28779 - [SC - Insight] Missing sender address check in receive may lea...

Submitted on Feb 26th 2024 at 21:58:19 UTC by @djxploit for Boost | Puffer Financearrow-up-right

Report ID: #28779

Report type: Smart Contract

Report severity: Insight

Target: https://etherscan.io/address/0xd9a442856c234a39a81a089c06451ebaa4306a72

Impacts:

  • Permanent freezing of funds

hashtag
Description

hashtag
Brief/Intro

The receive function of PufferVault.sol contract, is meant to receive Ether only from Lido. Hence any other ether sent to the contract (accidentally) will be forever locked in the contract, as it will not be accounted for.

hashtag
Vulnerability Details

Add an address check in receive() of PufferVault.sol to ensure the only address sending ETH being received in receive() is the Lido contract.

This will prevent stray Ether from being sent accidentally to this contract and getting locked.

hashtag
Impact Details

Ethers will get permanently locked in the PufferVault contract, if they are sent from addresses other than Lido contract. Furthermore it will also affect the accounting of the totalAssets functions, as it depends on the ether balance of the contract.

hashtag
References

https://etherscan.io/address/0xd9a442856c234a39a81a089c06451ebaa4306a72?utm_source=immunefi

hashtag
Proof of Concept

Receive function of PufferVault contract

We can fix it by adding an address check like

Previous28777 - [SC - Low] pufETHsrcTimelocksolexecuteTransaction - This b...Next28788 - [SC - Critical] Slash during a withdrawal from EigenLayer will ...

Last updated

Was this helpful?