The Standard

DeFi, Hardhat
20,000 USDC
Submission Details
Severity: low
Invalid

Fallback `receive()` Function with Receive Ether lacks logic. Malicious actors could exploit this to send arbitrary Ether to the contract, leading to unintended behavior or Ether drainage.

Summary

The receive() function without any logic can be a vulnerability point, potentially allowing anyone to send Ether to the contract without constraints.

Vulnerability Details

https://github.com/Cyfrin/2023-12-the-standard/blob/91132936cb09ef9bf82f38ab1106346e2ad60f91/contracts/LiquidationPoolManager.sol#L31C4-L31C34

```solidity
receive() external payable {}
```

Impact

An attacker could potentially use this function to drain Ether from the contract.

Tools Used

VS Code / Manual

Recommendations

Consider implementing specific logic or restrictions within the receive() function to handle incoming Ether appropriately. If the contract is not intended to accept Ether, it may be more secure to remove the receive() function altogether.

```solidity
receive() external payable {
    // Add appropriate logic or restrict incoming Ether if necessary
    revert("Ether not accepted");
}
```

Or remove or hide it if it is not being used.

Updates

Lead Judging Commences

hrishibhat Lead Judge over 1 year ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
Assigned finding tags:

informational/invalid
