MorpheusAI

Foundry
22,500 USDC
Submission Details
Severity: low
Invalid

Locked ETH vulnerability in NonfungiblePositionManagerMock::increaseLiquidity and GatewayRouterMock::outboundTransfer, resulting in financial loss

Summary

Two mock contracts accept ETH through a payable function but provide no way to withdraw it.

Vulnerability Details

This is a common issue in smart contract development where the ability to deposit funds is not complemented with the ability to withdraw them, leading to a risk of permanently locking funds.

NonfungiblePositionManagerMock contract contains a payable function increaseLiquidity which allows it to receive ETH, but lacks a corresponding function to withdraw the ETH. This can result in ETH being permanently locked within the contract.

```solidity
function increaseLiquidity(
    INonfungiblePositionManager.IncreaseLiquidityParams calldata params
) external payable returns (uint128 liquidity, uint256 amount0, uint256 amount1) {}
```

The same pattern appears in a second contract:

The GatewayRouterMock contract has a payable function outboundTransfer, which means it can receive Ether. However, there is no function implemented to withdraw Ether from the contract. This can result in Ether being permanently locked within the contract with no way to retrieve it.

```solidity
function outboundTransfer(
    address _token,
    address _to,
    uint256 _amount,
    uint256 _maxGas,
    uint256 _gasPriceBid,
    bytes calldata _data
) external payable returns (bytes memory) {
    IERC20(_token).transferFrom(msg.sender, _to, _amount);
    return abi.encode(_token, _to, _amount, _maxGas, _gasPriceBid, _data);
}
```

The contract's ability to accept ETH without a way to release it constitutes a design flaw that can lead to unintentional locking of funds. Users who interact with the contract may assume that their funds can be withdrawn later, which is not the case here. Without such a function, any Ether received by the contract is effectively stuck.

Impact

Any ETH sent to the contracts through the increaseLiquidity and outboundTransfer functions cannot be retrieved, leading to a loss of funds for users who send ETH to them.

Tools Used

Manual Analysis, AI.

Recommendations

To address this issue, a withdrawal function should be added to the contract. This function should include appropriate access controls to ensure that only authorized entities (e.g., the owner or a multi-sig wallet) can withdraw the funds.
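One way to implement the recommended escape hatch for the first mock, as an added example that is not code from the MorpheusAI repository: the payable function is kept exactly as quoted in the report, and an owner-gated withdrawETH function is added. The INonfungiblePositionManager interface below is a trimmed stand-in for the Uniswap v3 one the mock references, and withdrawETH, EthWithdrawn and the owner variable are names assumed here.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Trimmed stand-in for the Uniswap v3 interface the mock references
// (assumption: only the struct shape matters for this example).
interface INonfungiblePositionManager {
    struct IncreaseLiquidityParams {
        uint256 tokenId;
        uint256 amount0Desired;
        uint256 amount1Desired;
        uint256 amount0Min;
        uint256 amount1Min;
        uint256 deadline;
    }
}

contract NonfungiblePositionManagerMock {
    // Deployer becomes the only account allowed to move ETH out (assumed design).
    address public immutable owner;

    event EthWithdrawn(address indexed to, uint256 amount);

    error NotOwner();
    error NothingToWithdraw();
    error EthTransferFailed();

    constructor() {
        owner = msg.sender;
    }

    modifier onlyOwner() {
        if (msg.sender != owner) revert NotOwner();
        _;
    }

    // Same payable signature as in the report; any ETH sent here accumulates in the contract.
    function increaseLiquidity(
        INonfungiblePositionManager.IncreaseLiquidityParams calldata params
    ) external payable returns (uint128 liquidity, uint256 amount0, uint256 amount1) {}

    // Added escape hatch: only the owner can release the accumulated ETH, to an explicit recipient.
    function withdrawETH(address payable to) external onlyOwner {
        uint256 amount = address(this).balance;
        if (amount == 0) revert NothingToWithdraw();
        (bool ok, ) = to.call{value: amount}("");
        if (!ok) revert EthTransferFailed();
        emit EthWithdrawn(to, amount);
    }
}
```

Because the balance is read and sent in one owner-only call with a checked return value, a failing recipient reverts the whole transaction rather than silently dropping the ETH.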

Updates

Lead Judging Commences

inallhonesty, Lead Judge, over 1 year ago

Submission Judgement Published

Invalidated
Reason: Known issue
