deposit function of WstEth not working correctly
Closed this issue · 3 comments
code423n4 commented
Lines of code
Vulnerability details
Impact
The deposit function doesn't seem to work at all, or correctly at all. It's missing some code, etc.
Please see my NatSpec notes below for more clarity:
Apologies, this is 10 mins before the contest ends, so I'm just going to copy my NatSpec notes here:
    function deposit() external payable onlyOwner returns (uint256) {
        uint256 wstEthBalancePre = IWStETH(WST_ETH).balanceOf(address(this)); /// @audit checks the token balance in this contract
        // solhint-disable-next-line
        (bool sent, ) = WST_ETH.call{value: msg.value}(""); /// @audit sends ETH to the address represented by this state constant: WST_ETH
        require(sent, "Failed to send Ether"); /// @audit LOW RISK: missing code which converts the sent ETH into wstETH probably via IWStETH interface, and then sends it to this contract
        uint256 wstEthBalancePost = IWStETH(WST_ETH).balanceOf(address(this)); /// @audit LOW RISK: checks the token balance in this contract, expecting a change, but no ERC20 token was deposited into this contract yet...
        uint256 wstEthAmount = wstEthBalancePost - wstEthBalancePre; /// @audit this will always be 0 until above is fixed
        return (wstEthAmount);
    }
Proof of Concept
Tools Used
Manual only.
Recommended Mitigation Steps
Complete the code as per my @audit notes.
c4-pre-sort commented
0xSorryNotSorry marked the issue as low quality report
c4-sponsor commented
toshiSat marked the issue as sponsor disputed
c4-judge commented
Picodes marked the issue as unsatisfactory:
Invalid