DeFiHardhatFoundry
250,000 USDC
View results
Submission Details
Severity: high
Invalid

Locked ETH in PauseFacet.sol

Summary

This report identifies a potential issue in the PauseFacet contract (PauseFacet.sol) that could lead to locked ETH within the contract. The issue is related to both the pause and unpause functions being marked as payable even though they do not process ETH payments.

Vulnerability Details

The pause and unpause functions within the PauseFacet contract are both marked as payable. These functions are designed for pausing and unpausing the contract and do not expect or require any ETH payments.

If any of these functions are accidentally or intentionally called with a value greater than 0 ETH, the sent ETH will be locked in the contract and inaccessible.

Impact

Loss of funds: Any ETH accidentally or intentionally sent through the pause or unpause functions will be locked in the contract and inaccessible.

Tools Used

Manual code review

Recommendations

Remove the payable modifier from both the pause and unpause functions. These functions currently do not handle ETH payments and making them non-payable will prevent accidental locking of ETH.

If future functionalities within the PauseFacet require ETH payments, implement proper mechanisms to handle them securely. This would involve clearly explaining the purpose of ETH payments within the function and ensuring proper processing and withdrawal for authorized users.

Updates

Lead Judging Commences

inallhonesty Lead Judge 12 months ago
Submission Judgement Published
Invalidated
Reason: Design choice

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.