Biconomy: Nexus

The [Nexus smart account](https://github.com/Cyfrin/2024-07-biconomy/blob/9590f25cd63f7ad2c54feb618036984774f3879d/contracts/Nexus.sol#L54) can receive Ether but lack mechanisms to send it back, potentially leading to locked funds. This issue arises from the presence of unnecessary payable modifiers on several functions.

​

The following functions in the Nexus smart account contracts are marked as payable:

​

[execute()](https://github.com/Cyfrin/2024-07-biconomy/blob/9590f25cd63f7ad2c54feb618036984774f3879d/contracts/Nexus.sol#L119)

​

[executeFromExecutor()](https://github.com/Cyfrin/2024-07-biconomy/blob/9590f25cd63f7ad2c54feb618036984774f3879d/contracts/Nexus.sol#L137)

​

[fallback()](https://github.com/Cyfrin/2024-07-biconomy/blob/9590f25cd63f7ad2c54feb618036984774f3879d/contracts/base/ModuleManager.sol#L72)

​

[installModule()](https://github.com/Cyfrin/2024-07-biconomy/blob/9590f25cd63f7ad2c54feb618036984774f3879d/contracts/Nexus.sol#L187)

​

[uninstallModule()](https://github.com/Cyfrin/2024-07-biconomy/blob/9590f25cd63f7ad2c54feb618036984774f3879d/contracts/Nexus.sol#L201)

​

[initializeAccount()](https://github.com/Cyfrin/2024-07-biconomy/blob/9590f25cd63f7ad2c54feb618036984774f3879d/contracts/Nexus.sol#L218)

​

These functions can receive Ether, but there are no mechanisms to withdraw or transfer the Ether out of the contract, leading to a potential loss of funds.

​

The impact of this vulnerability is high because funds sent to the contract via these functions can become irreversibly locked, leading to a potential loss of funds. Although the likelihood of this scenario occurring is low, it remains possible if a user inadvertently sends Ether to these functions. This could result in users losing access to their funds, thereby undermining the contract's reliability and trustworthiness.

​

Manual Review

​

Remove the `payable` modifier where is not necessary.

​