Submission Details
Severity: high
Invalid

Missing Withdrawal Function

Summary

The MondrianWallet contract is missing a function to withdraw excess funds. This function is necessary to allow the contract owner to retrieve funds that exceed the required amount for transactions.

Vulnerability Details

The MondrianWallet contract lacks a mechanism for withdrawing excess funds. Without this feature, any funds deposited into the contract beyond what is needed for transactions are effectively trapped in the contract.

As mentioned in the ERC-4337 docs:
"The account MAY pay more than this minimum, to cover future transactions (it can always issue withdrawTo to retrieve it)"

Impact

Without the ability to withdraw excess funds, liquidity is reduced, and funds may remain inaccessible, causing inconvenience for users and the contract owner.

Tools Used

Manual Review

Recommendations

Implement a function allowing the contract owner to withdraw excess funds, with appropriate access controls and checks to ensure security.

+ function withdrawDepositTo(address payable withdrawAddress, uint256 amount) public onlyOwner {
+ i_entryPoint.withdrawTo(withdrawAddress, amount);
+ }
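
Review bot: In withdrawDepositTo, the call to i_entryPoint.withdrawTo only moves the deposit this account holds at the EntryPoint, so ether sitting in the wallet's own balance is not reachable through this function; if the recommendation is meant to cover both, the wallet balance needs its own path. The function also passes withdrawAddress through unchecked and carries no NatSpec: consider rejecting address(0) before the call, documenting that amount is denominated in the EntryPoint deposit, and declaring the function external rather than public, since nothing in the hunk calls it internally. The onlyOwner modifier is not defined in the visible lines, so confirm it exists in the contract and that it restricts the caller as intended.
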
Updates

Lead Judging Commences

inallhonesty Lead Judge about 1 year ago
Submission Judgement Published
Invalidated
Reason: Incorrect statement
