First Flight #19: Mondrian Wallet v2
First Flight #19
Beginner FriendlyFoundry
100 EXP
View results
Previous Next
Submission Details
Severity: high
Valid

`MondrianWallet2` cannot receive ETH because of no receive function

monstitude

Summary

The MondrianWallet2 contract cannot receive ETH due to not having a receive function. The ability to receive eth, which is one of the most essential function of a wallet, is missing from MondrianWallet2. This makes the MondrianWallet2 contract different from a normal EOA, which can receive ETH. This will also cause issues with transactions that expect the wallet to use ETH.

Vulnerability Details

The MondrianWallet2 contract does not have a receive function, which means it can't receive ETH.

Impact

Users of MondrianWallet2 wallet wont be able to receive ETH, which is one of the most basic wallet functions. This makes it different from a normal EOA, which can receive ETH. This will also cause issues with transactions that expect the wallet to use ETH.

Proof of Concept

Place the following code into ModrianWallet2Test.t.sol

address public USER_1 = makeAddr("user1");
function testZkWalletCanReceiveFunds() public onlyZkSync {
vm.deal(USER_1, AMOUNT);
vm.startPrank(USER_1);
uint256 initialWalletBalance = address(mondrianWallet).balance;
(bool success, ) = payable(address(mondrianWallet)).call{value: AMOUNT}(
""
);
assertEq(success, true);
assertEq(address(mondrianWallet).balance > initialWalletBalance, true);
assertEq(address(mondrianWallet).balance, AMOUNT * 2);
}

In this test, we try to send eth to the MondrianWallet2 but the transaction fails.

Tools Used

No tools were used to find this vulnerability

Recommendations

Add a new function named MondrianWallet2::receive, and make it external and payable.

receive() external payable {}
Updates

Lead Judging Commences

bube Lead Judge 11 months ago
Submission Judgement Published
Validated
Assigned finding tags:

Missing receive function

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.