Beanstalk: The Finale

Beanstalk

DeFiHardhatFoundry

250,000 USDC

View results

Previous Next

Submission Details

Severity: high

Invalid

Locked ETH in - Diamond.sol

heim

Summary

This report identifies a potential issue in Diamond.sol that could lead to locked ETH within the contract.

Vulnerability Details

Diamond.sol has a receive function that allows users to send ETH to the contract. However, the contract currently lacks functionality to withdraw this ETH. Consequently, any ETH sent to the contract through the receive function will be locked and inaccessible.

Impact

Loss of funds: Any ETH accidentally or intentionally sent through the receive function will be locked in the contract and unavailable for use.

Tools Used

Manual code review

Recommendations

Remove the receive function:** If the contract doesn't intend to receive ETH payments, consider removing the receive function altogether. This will prevent users from accidentally sending ETH to the contract.
Implement a withdrawal mechanism:** If the contract needs to receive ETH payments for specific purposes, implement a secure withdrawal mechanism. This mechanism should allow authorized users to withdraw accumulated ETH from the contract.

Updates

Lead Judging Commences

inallhonesty Lead Judge 12 months ago

Submission Judgement Published

Invalidated

Reason: Design choice

Prize pool breakdown

Total prize

250,000 USDC

nSLOC

12,285

20 USDC / LOC

High Medium

220,000 USDC

Low

10,000 USDC

Judges

20,000 USDC

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.