Locked ETH in UnripeFacet.sol
Summary
This report identifies a potential issue in UnripeFacet.sol that could lead to locked ETH within the contract. The issue is related to the chop function being marked as payable even though it doesn't necessarily process ETH payments directly.
Vulnerability Details
The chop function in the UnripeFacet contract allows users to chop unripe tokens into their ripe counterparts. While the function itself might not directly handle ETH payments, it accepts them as a parameter.
Here's a breakdown of the concern:
The function is marked as payable. This means that users can send ETH along with the function call.
The function doesn't explicitly handle or utilize the received ETH value.
If a user accidentally or intentionally sends ETH when calling chop, the sent ETH could be locked in the contract.
Impact
Loss of funds: Any ETH accidentally or intentionally sent through the chop function will be locked in the contract and inaccessible.
Tools Used
Manual code review
Recommendations
-
Consider removing the payable modifier from the chop function. If future functionalities within chop require ETH payments for specific purposes, implement a secure mechanism to handle them. This mechanism should clearly explain the purpose of ETH payments and ensure proper processing and withdrawal for authorized users.
-
Add a comment or documentation to the chop function explaining that sending ETH with the call is not required or has no effect.
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.