Submission Details
Severity: high
Invalid

Absence of a withdrawal mechanism

Summary

The absence of a withdrawal mechanism in MondrianWallet presents a significant vulnerability, potentially leading to funds being locked within the contract indefinitely. This issue arises from the lack of functionality allowing the contract to withdraw funds from the entry point, despite having the ability to deposit funds into it.

Vulnerability Details

MondrianWallet includes a function (addDeposit) that allows users to deposit funds into the entry point. However, there is no corresponding function to withdraw these funds. This omission prevents users from retrieving their deposited funds, which could lead to a situation where funds are permanently locked within the contract.

Affected Functions: The primary affected function is addDeposit, which deposits funds into the entry point but does not provide a mechanism to withdraw these funds.

Impact

Financial Loss: Users who deposit funds into the entry point through MondrianWallet may lose access to their funds, leading to financial loss.

Trust Issues: The inability to withdraw funds could erode trust in the contract, affecting its adoption and usage.

Operational Disruption: Without a withdrawal mechanism, the contract's operational efficiency could be severely impacted, as users may avoid depositing funds due to the risk of permanent loss.

Tools Used

Hardhat

Recommendations

Implement Withdrawal Functionality: Develop and integrate a withdrawal function into MondrianWallet. This function should allow users to withdraw their deposited funds from the entry point, ensuring that funds are not permanently locked within the contract.

// Owner-only: withdraw `amount` of this wallet's entry point deposit to `withdrawAddress`.
function withdrawDepositTo(address payable withdrawAddress, uint256 amount) public onlyOwner {
    i_entryPoint.withdrawTo(withdrawAddress, amount);
}
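
The deposit bookkeeping behind the recommended function, as an added sketch that is not part of the submission or of MondrianWallet's source: the ERC-4337 EntryPoint's withdrawTo debits the deposit recorded for msg.sender, so the withdrawal call has to originate from the wallet contract itself. MockEntryPoint and WalletSketch are constructed stand-ins (assumptions); only addDeposit, withdrawDepositTo, i_entryPoint and withdrawTo are names taken from the page.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.24;

// Constructed stand-in for the ERC-4337 EntryPoint deposit ledger (assumption:
// only depositTo / balanceOf / withdrawTo are modelled).
contract MockEntryPoint {
    mapping(address => uint256) private deposits;

    function depositTo(address account) external payable {
        deposits[account] += msg.value;
    }

    function balanceOf(address account) external view returns (uint256) {
        return deposits[account];
    }

    // Debits the CALLER's deposit, so only the account contract itself can pull it out.
    function withdrawTo(address payable withdrawAddress, uint256 amount) external {
        require(amount <= deposits[msg.sender], "Withdraw amount too large");
        deposits[msg.sender] -= amount;
        (bool ok,) = withdrawAddress.call{value: amount}("");
        require(ok, "failed to withdraw");
    }
}

// Hypothetical wallet, not MondrianWallet's source: deposit plus owner-gated withdrawal.
contract WalletSketch {
    MockEntryPoint private immutable i_entryPoint;
    address private immutable i_owner;

    modifier onlyOwner() {
        require(msg.sender == i_owner, "not owner");
        _;
    }

    constructor(MockEntryPoint entryPoint) {
        i_entryPoint = entryPoint;
        i_owner = msg.sender;
    }

    // Credits the wallet's own address in the entry point ledger.
    function addDeposit() public payable {
        i_entryPoint.depositTo{value: msg.value}(address(this));
    }

    // The wallet is msg.sender for this call, so its own deposit is the one debited.
    function withdrawDepositTo(address payable withdrawAddress, uint256 amount) public onlyOwner {
        i_entryPoint.withdrawTo(withdrawAddress, amount);
    }
}
```
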
Updates

Lead Judging Commences

inallhonesty Lead Judge about 1 year ago
Submission Judgement Published
Invalidated
Reason: Incorrect statement
