UpgradeableProxy contract contains payable functions with no mechanism for withdrawal
Summary
The contract UpgradeableProxy contains a payable function without a presence of a withdrawal function/mechanism.
Commit Hash: 04fd8634701697184a3f3a5558b41c109866e5f8
Repository URL: https://github.com/Cyfrin/2024-08-tadle/tree/main
Vulnerability Details
The UpgradeableProxycontains a receive function through which it can accept funds, however it lacks a corresponding function to withdraw funds, which leads to ETH being locked in the contract.
Impact
The impacted contract is UpgradeableProxy.sol that contains the following receive functon
Tools Used
Manual Code Review: Analyzing the contract code directly.
Static Analysis Tools: Slither - https://github.com/crytic/slither
Recommendations
The function can be either removed, if it is not intended to receive funds, or a withdraw mechanism to be implemented, with restricted access, to be able to extract funds from the contract.
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.