First Flight #19: Mondrian Wallet v2
First Flight #19
Beginner FriendlyFoundry
100 EXP
View results
Previous Next
Submission Details
Severity: high
Valid

Missing `receive` Function

yaioxy

Summary

The MondrianWallet2 contract is missing a receive function, which is necessary for accepting funds sent to the contract.

Vulnerability Details

The MondrianWallet2 contract is designed to be a smart contract wallet on the zkSync network. In the absence of a paymaster, the contract needs to be able to accept funds to pay for transaction fees. However, the contract does not have a receive function, which means it cannot receive Ether.

PoC

function testCannotReceiveFunds() public {
// Arrange
uint256 amount = 1 ether;
uint256 balanceBefore = address(mondrianWallet).balance;
// Act
vm.expectRevert();
payable(address(mondrianWallet)).transfer(amount);
// Assert
assertEq(address(mondrianWallet).balance, balanceBefore);
}

Impact

Without a receive function, the MondrianWallet2 contract cannot accept funds sent to its address. This means that the contract will not have the necessary funds to pay transaction fees, rendering it unusable for its intended purpose.

Tools Used

Manual review, Foundry

Recommendations

Implement a receive function in the MondrianWallet2 contract

+ receive() external payable {}
Updates

Lead Judging Commences

bube Lead Judge about 1 year ago
Submission Judgement Published
Validated
Assigned finding tags:

Missing receive function

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.