The Standard
The Standard
DeFiHardhat
20,000 USDC
View results
Previous Next
Submission Details
Severity: low
Invalid

User will lose unintended send ETH

0xepley

Summary

Any mistakenly send ETH will be locked in the contract due to absence of withdraw function

Vulnerability Details

The codebase have implemented

receive() external payable

multiple times but there isn't any subsequent withdraw function, so any mistakenly send ETH will be locked in the contract. Lets say user A send Ether into the contract either mistakenly or whatever the reason is, now he wants to withdraw that money but he won't be able to do it its because the contract doesn't have any withdraw function. So any ETH sent mistakenly will be locked into the contract and lost forever.

Impact

Loss of funds for the User

Tools Used

Manual Review and previous knowledge

Recommendations

Either make a mapping to store the amount of Eth sent into the contract and then allow withdraw on that base or add a require condition in receive function and allow only specific person or contract

require(msg.sender==IWETH, "unauthorized")
Updates

Lead Judging Commences

hrishibhat Lead Judge almost 2 years ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
Assigned finding tags:

informational/invalid

nabeel Submitter
almost 2 years ago
hrishibhat Lead Judge
almost 2 years ago
hrishibhat Lead Judge almost 2 years ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
Assigned finding tags:

informational/invalid

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.

Give us feedback!