BkdLocker depositFees can be blocked #8
Labels
2 (Med Risk)
Assets not at direct risk, but function/availability of the protocol could be impacted or leak value
bug
Something isn't working
sponsor confirmed
Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity")
Lines of code
https://github.com/code-423n4/2022-05-backd/blob/main/protocol/contracts/RewardHandler.sol#L50
Vulnerability details
Impact
burnFees will fail if none of the pool tokens has native ETH as its underlying token. This is shown below. Since burnFees fails, no fees are deposited in BkdLocker.
Proof of Concept
Recommended Mitigation Steps
ETH should not be sent if none of the pools' underlying tokens is ETH. Change it to something like the below: