This report identifies a potential issue in EnrootFacet.sol that could lead to ETH being locked in the contract in the future. While the current implementation doesn't accept ETH payments, modifications could introduce this functionality. If that happens without a withdrawal mechanism, any ETH sent to the contract could become inaccessible.
The EnrootFacet contract lacks a mechanism to handle ETH sent through function calls. None of the functions are currently marked as payable, but future changes might introduce this functionality.
Loss of funds: If the contract is ever modified to accept ETH payments and lacks a withdrawal mechanism, any ETH sent to the contract could become inaccessible.
Manual code review
Consider adding a nonpayable modifier to all functions in the EnrootFacet contract. This will prevent accidental sending of ETH through function calls in the current implementation and any future modifications.
If the contract ever needs to accept ETH payments in the future, implement a secure withdrawal mechanism. This mechanism should allow authorized users to withdraw accumulated ETH from the contract.
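A minimal sketch of the withdrawal recommendation above, added here as an illustration and not taken from EnrootFacet.sol or the project's code base. The contract name, the single-owner authorization model and all function names are assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Hypothetical standalone contract for illustration; it is not EnrootFacet
// and does not reproduce any of the audited code.
contract PayableWithWithdraw {
    address public immutable owner;

    event Withdrawn(address indexed to, uint256 amount);

    error NotOwner();
    error ZeroAddress();
    error InsufficientBalance();
    error TransferFailed();

    constructor() {
        owner = msg.sender;
    }

    modifier onlyOwner() {
        if (msg.sender != owner) revert NotOwner();
        _;
    }

    // No `payable` keyword: the compiler emits a msg.value check, so a call
    // that attaches ETH to this function reverts.
    function rejectsEth() external pure returns (bool) {
        return true;
    }

    // Marked `payable`: ETH attached to this call stays in the contract,
    // which is the situation the report warns about.
    function acceptsEth() external payable {}

    // Authorized withdrawal path for ETH accumulated via acceptsEth().
    function withdraw(address payable to, uint256 amount) external onlyOwner {
        if (to == address(0)) revert ZeroAddress();
        if (amount > address(this).balance) revert InsufficientBalance();
        // Forward the ETH and revert the whole call if the transfer fails.
        (bool ok, ) = to.call{value: amount}("");
        if (!ok) revert TransferFailed();
        emit Withdrawn(to, amount);
    }
}
```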