Massive Crimson Cougar
Medium
Title: There is an unnamed parameter in the withdraw ETH function of the wrapped token gateway V3 contract
The withdrawETH function contains an unnamed parameter of type address. Solidity requires all parameters to be named for successful compilation. Leaving parameters unnamed can lead to compilation errors and decreases code readability and maintainability.
- The function will not compile, preventing deployment and execution.
- It may indicate incomplete code or oversight.
- The vulnerable line of code is depicted below.
function withdrawETH(address, uint256 amount, address to) external override {Update the function parameter to include a name for the address type or adjust the function logic accordingly.
+ function withdrawETH(address from, uint256 amount, address to) external override {
- function withdrawETH(address, uint256 amount, address to) external override {
+ require(msg.sender == from, "Wrong sender");
+ from = msg.sender;
IAToken aWETH = IAToken(POOL.getReserveAToken(address(WETH)));
uint256 userBalance = aWETH.balanceOf(msg.sender);
uint256 amountToWithdraw = amount;
// if amount is equal to uint(-1), the user wants to redeem everything
if (amount == type(uint256).max) {
amountToWithdraw = userBalance;
}
aWETH.transferFrom(msg.sender, address(this), amountToWithdraw);
POOL.withdraw(address(WETH), amountToWithdraw, address(this));
WETH.withdraw(amountToWithdraw);
_safeTransferETH(to, amountToWithdraw);
}