Breezy Tan Dragonfly - Ether can get stuck for operator making it not possible for operator to withdraw due to transfer being used #61

Closed
sherlock-admin3 opened this issue Oct 21, 2024 · 1 comment
Labels
Low/Info A Low/Info severity issue. Non-Reward This issue will not receive a payout Sponsor Confirmed The sponsor acknowledged this issue is valid Will Fix The sponsor confirmed this issue will be fixed

Comments

@sherlock-admin3

Breezy Tan Dragonfly

Low/Info

Ether can get stuck for operator making it not possible for operator to withdraw due to transfer being used

Summary

The use of transfer in the function withdrawEtherBalance() can revert if the transaction requires more than 2300 gas, thus making this function revert and leaving the operator unable to withdraw ether from the contract. If in the future the gas prices of opcodes like SLOAD increase, then the 2300 gas used in transfer might be insufficient.

Root Cause

When the operator calls withdrawEtherBalance() in (MorphoLeverageStrategyExtension.sol) it uses msg.sender.transfer(address(this).balance);
https://github.com/sherlock-audit/2024-10-morpho-x-index/blob/main/index-coop-smart-contracts/contracts/adapters/MorphoLeverageStrategyExtension.sol#L603

Internal pre-conditions

No response

External pre-conditions

No response

Attack Path

No response

Impact

The withdrawEtherBalance() function will not be executed, leaving the operator unable to withdraw ether from this contract.

PoC

No response

Mitigation

To avoid this issue, you can replace the transfer method with a call method that allows you to specify a dynamic amount of gas, like this:

```solidity
// Replace this:
msg.sender.transfer(address(this).balance);

// With this:
(bool success, ) = msg.sender.call{value: address(this).balance}("");
require(success, "Ether transfer failed");
```

@sherlock-admin3 sherlock-admin3 added Low/Info A Low/Info severity issue. Non-Reward This issue will not receive a payout labels Oct 21, 2024
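The failure mode reported above, shown as an added example that is not code from the issue or from the audited repository: an operator that is itself a contract whose `receive()` writes storage cannot be paid with `transfer`, but can with a checked `call`. The contract names `ContractOperator` and `Vault`, their functions, and the Solidity `^0.8.0` pragma are assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Added illustration; contract and function names are hypothetical.

// Operator that is a contract wallet: its receive() writes storage,
// which cannot complete within the 2300 gas stipend transfer() forwards.
contract ContractOperator {
    uint256 public deposits;

    receive() external payable {
        deposits += 1; // SSTORE: runs out of gas under a 2300 stipend
    }

    function pull(Vault vault, bool useCall) external {
        if (useCall) vault.withdrawWithCall();
        else vault.withdrawWithTransfer(); // reverts for this operator
    }
}

contract Vault {
    address public immutable operator;

    constructor(address _operator) payable {
        operator = _operator;
    }

    modifier onlyOperator() {
        require(msg.sender == operator, "Must be operator");
        _;
    }

    // Pattern from the finding: fixed 2300 gas stipend, reverts on failure.
    function withdrawWithTransfer() external onlyOperator {
        payable(msg.sender).transfer(address(this).balance);
    }

    // Pattern from the mitigation: forwards remaining gas, result checked.
    // The caller is access-controlled and no state is written after the
    // call; a re-entrant call would find address(this).balance at zero.
    function withdrawWithCall() external onlyOperator {
        (bool success, ) = msg.sender.call{value: address(this).balance}("");
        require(success, "Ether transfer failed");
    }
}
```

Deploy `ContractOperator` first, then `Vault` with its address and some ether; `pull(vault, false)` reverts while `pull(vault, true)` moves the balance.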
@sherlock-admin2

The protocol team fixed this issue in the following PRs/commits:
IndexCoop/index-coop-smart-contracts#193

@sherlock-admin3 sherlock-admin3 added Sponsor Confirmed The sponsor acknowledged this issue is valid Will Fix The sponsor confirmed this issue will be fixed labels Nov 11, 2024