Locked ETH in EnrootFacet.sol
Summary
This report identifies a potential issue in the EnrootFacet.sol that could lead to locked ETH within the contract in the future. While the current implementation doesn't accept ETH payments, modifications could introduce this functionality. If that happens without a withdrawal mechanism, any ETH sent to the contract could become inaccessible.
Vulnerability Details
The EnrootFacet contract lacks a mechanism to handle ETH sent through function calls. None of the functions are currently marked as payable, but future changes might introduce this functionality.
Impact
Loss of funds: If the contract is ever modified to accept ETH payments and lacks a withdrawal mechanism, any ETH sent to the contract could become inaccessible.
Tools Used
Manual code review
Recommendations
Consider adding a nonpayable modifier to all functions in the EnrootFacet contract. This will prevent accidental sending of ETH through function calls in the current implementation and any future modifications.
If the contract ever needs to accept ETH payments in the future, implement a secure withdrawal mechanism. This mechanism should allow authorized users to withdraw accumulated ETH from the contract.
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.