@bytes032

bytes032/.md Secret

Created May 4, 2023 12:06

Context: RescueFundsLib.sol

Severity: Low

Description:

`rescueFunds` is used to transfer funds from the contract. The function accepts the amount of tokens that should be rescued.

    /**
     * @dev Rescues funds from a contract.
     * @param token_ The address of the token contract.
     * @param userAddress_ The address of the user.
     * @param amount_ The amount of tokens to be rescued.
     */

However, if the token to be rescued is ETH, it transfers the whole balance of the contract, instead of the requested amount.

Estimated to have a severity of Low because it fits the category: contract fails to deliver what was promised, but no one's security is affected.

Recommendation:

https://github.com/SocketDotTech/socket-DL/blob/7e35397543bade26c3f1bd0b34fe69875cc3b73f/contracts/libraries/RescueFundsLib.sol#L33-L37

   if (token_ == ETH_ADDRESS) {
+            (bool success, ) = userAddress_.call{value: amount}(
                ""
            );
            require(
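
Review bot: on the added `+` line, `value: amount` does not match the parameter documented in the NatSpec above as `amount_`, so the call should read `{value: amount_}`. The hunk also shows no `-` line for the call it replaces and stops at `require(`, so confirm that the old full-balance transfer is actually removed and that the `require` still checks `success`.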