Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

ETH Dust Accumulation in createAndInitializePoolIfNecessary #128

Open
c4-bot-9 opened this issue Oct 27, 2024 · 1 comment
Open

ETH Dust Accumulation in createAndInitializePoolIfNecessary #128

c4-bot-9 opened this issue Oct 27, 2024 · 1 comment
Labels
2 (Med Risk) Assets not at direct risk, but function/availability of the protocol could be impacted or leak value bug Something isn't working 🤖_24_group AI based duplicate group recommendation sufficient quality report This report is of sufficient quality

Comments

@c4-bot-9
Copy link
Contributor

Lines of code

https://github.com/ronin-chain/katana-v3-contracts/blob/03c80179e04f40d96f06c451ea494bb18f2a58fc/src/periphery/base/PoolInitializer.sol#L15-L35

Vulnerability details

Impact

The createAndInitializePoolIfNecessary function in the PoolInitializer contract is marked as payable, but does not include logic for handling any ETH sent with the transaction. This oversight could result in unintended "dust" ETH becoming trapped in the contract indefinitely. Over time, this could lead to the following impacts:

Proof of Concept

  1. In the PoolInitializer contract:

    • createAndInitializePoolIfNecessary is marked payable, allowing it to receive ETH.
    • This function neither uses nor refunds any ETH sent with the transaction, causing any ETH attached to calls to be trapped in the contract.

  2. Potential Issues:

    • Trapped ETH: ETH sent to this function remains in the contract without a clear mechanism to withdraw, affecting users and creating “dust” balances.
    • Unintended Accumulation: Repeated calls could accumulate dust ETH balances, which could be at risk if an attacker gains unauthorized access to withdraw from the contract.

Tools Used

Manual code review.

Recommended Mitigation Steps

Add a mechanism to refund any unused ETH at the end of the function. For instance, implementing a call to the refundETH() function from the PeripheryPayments contract, if available, would prevent ETH from being trapped in the contract and ensure user funds are safely returned. Alternatively, adding an address(0).call{value: msg.value}(""); call would return any attached ETH back to the sender if unutilized.

Assessed type

Payable
@c4-bot-9 c4-bot-9 added 2 (Med Risk) Assets not at direct risk, but function/availability of the protocol could be impacted or leak value bug Something isn't working labels Oct 27, 2024
c4-bot-3 added a commit that referenced this issue Oct 27, 2024
@c4-bot-3
igdbase issue #128
ebf2de5
@c4-bot-12 c4-bot-12 added the 🤖_24_group AI based duplicate group recommendation label Oct 30, 2024
howlbot-integration bot added a commit that referenced this issue Nov 4, 2024
@howlbot-integration
igdbase update issue #128
c14edc6
@howlbot-integration howlbot-integration bot added the sufficient quality report This report is of sufficient quality label Nov 4, 2024
@nevillehuang
Copy link

Would require user error, QA/low could be more appropriate

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
2 (Med Risk) Assets not at direct risk, but function/availability of the protocol could be impacted or leak value bug Something isn't working 🤖_24_group AI based duplicate group recommendation sufficient quality report This report is of sufficient quality
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@nevillehuang @c4-bot-9 @c4-bot-12