MorpheusAI
Foundry
22,500 USDC
Submission Details
Severity: medium
Invalid

Missing ETH Refund Logic and Inability to Receive ETH in L1Sender

Summary

Vulnerability Details

According to the information provided in the Readme:

"The alias of L1Sender.sol on Arbitrum will hold the ETH received as a gas refund from bridging tokens."

Context: L1Sender.sol, L2TokenReceiver.sol

The L1Sender currently lacks explicit refund logic for handling excess ETH in transactions, as well as the necessary receive() and fallback() functions for accepting direct Ether transfers. This limitation poses a significant risk in scenarios where excess ETH is expected to be refunded by other external contracts. Without these mechanisms, any excess ETH sent during a transaction might not be recoverable or could result in the loss of funds if the external contract attempts to refund ETH directly to the L1Sender contract.

Impact

Tools Used

Recommendations

Implement receive() and fallback() Functions: Add these functions to the L1Sender to ensure it can accept direct Ether transfers. This is crucial for receiving refunds from external contracts.
Add Refund Logic for Excess ETH: Include logic for handling and refunding excess ETH.

Updates

Lead Judging Commences

inallhonesty Lead Judge
over 1 year ago
Submission Judgement Published
Invalidated
Reason: Known issue
