DeFi, Hardhat, Foundry
250,000 USDC
Submission Details
Severity: high
Invalid

Locked ETH in EnrootFacet.sol

Summary

This report identifies a potential issue in EnrootFacet.sol that could lead to locked ETH within the contract in the future. While the current implementation doesn't accept ETH payments, modifications could introduce this functionality. If that happens without a withdrawal mechanism, any ETH sent to the contract could become inaccessible.

Vulnerability Details

The EnrootFacet contract lacks a mechanism to handle ETH sent through function calls. None of the functions are currently marked as payable, but future changes might introduce this functionality.

Impact

Loss of funds: If the contract is ever modified to accept ETH payments and lacks a withdrawal mechanism, any ETH sent to the contract could become inaccessible.

Tools Used

Manual code review

Recommendations

Consider adding a nonpayable modifier to all functions in the EnrootFacet contract. This will prevent accidental sending of ETH through function calls in the current implementation and any future modifications.
If the contract ever needs to accept ETH payments in the future, implement a secure withdrawal mechanism. This mechanism should allow authorized users to withdraw accumulated ETH from the contract.
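
An added example, not code from the submission or from EnrootFacet.sol, showing how Solidity treats ETH sent to functions with and without `payable`, next to an access-controlled withdrawal of the kind recommended above. The contract `ValueHandlingExample` and all of its members are hypothetical names, and it is written as a standalone contract rather than a diamond facet.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

/// Hypothetical standalone contract (assumption: not a diamond facet and
/// not related to the audited code base).
contract ValueHandlingExample {
    address public immutable owner;
    uint256 public counter;

    event Withdrawn(address indexed to, uint256 amount);

    error NotOwner();
    error TransferFailed();

    constructor() {
        owner = msg.sender;
    }

    // No `payable` keyword: the compiler emits a check that reverts the
    // call whenever msg.value is non-zero, so ETH cannot arrive through
    // this function and no extra modifier is needed to reject it.
    function bump() external {
        counter += 1;
    }

    // Explicitly `payable`: this is the only way a function call can
    // leave ETH in this contract. Since there is no receive() or
    // fallback(), plain transfers with empty calldata revert as well.
    function deposit() external payable {}

    // Withdrawal path that must exist once any function is payable.
    // Restricted to the owner; reverts if the transfer fails so a failed
    // withdrawal is never silently treated as a success.
    function withdraw(address payable to, uint256 amount) external {
        if (msg.sender != owner) revert NotOwner();
        (bool ok, ) = to.call{value: amount}("");
        if (!ok) revert TransferFailed();
        emit Withdrawn(to, amount);
    }
}
```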

Updates

Lead Judging Commences

inallhonesty Lead Judge 12 months ago
Submission Judgement Published
Invalidated
Reason: Design choice
