Tadle
DeFi
30,000 USDC
Submission Details
Severity: low
Invalid

Absence of a `receive()` Function in `TokenManager.sol` Prevents WETH Withdrawal.

Summary

The TokenManager:withdraw function is used to withdraw users' funds. If the token address is wrappedNativeToken, it attempts to unwrap WETH into ETH. However, this process fails because the TokenManager contract lacks a receive function.

Vulnerability Details

When the TokenManager:withdraw function tries to unwrap WETH into ETH using the following code:

```solidity
IWrappedNativeToken(wrappedNativeToken).withdraw(claimAbleAmount);
```

The wrappedNativeToken contract will attempt to send ETH to the TokenManager contract. Since the TokenManager contract does not have a receive function, the transaction will fail, causing the withdrawal process to fail.

Impact

This vulnerability results in the locking of funds, as users will be unable to successfully withdraw their WETH.

Tools Used

Manual

Recommendations

Add a receive function in the TokenManager.

Updates

Lead Judging Commences

0xnevi Lead Judge 10 months ago
Submission Judgement Published
Invalidated
Reason: Incorrect statement
Assigned finding tags:

[invalid] finding-TokenManager-no-native-ETH-receive

Invalid, TokenManager is the implementation contract of the transparent upgradeable proxy, as can be seen by the comments [here](https://github.com/Cyfrin/2024-08-tadle/blob/04fd8634701697184a3f3a5558b41c109866e5f8/src/proxy/UpgradeableProxy.sol#L15). The receive payable is implemented as seen [here](https://github.com/Cyfrin/2024-08-tadle/blob/04fd8634701697184a3f3a5558b41c109866e5f8/src/proxy/UpgradeableProxy.sol#L37).
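The mechanism behind this judgement, as an added example that is not Tadle's code: when an implementation runs behind a proxy via `delegatecall`, the wrapped-token contract sees the proxy as `msg.sender` and returns ETH to the proxy address, so the proxy's `receive()` is the one that matters. `MockWrappedNative`, `ImplWithoutReceive`, `MinimalProxy`, `depositTo` and `unwrap` are hypothetical names constructed for this illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Constructed WETH-style mock: withdraw() sends native ETH back to msg.sender.
contract MockWrappedNative {
    mapping(address => uint256) public balanceOf;

    function depositTo(address to) external payable {
        balanceOf[to] += msg.value;
    }

    function withdraw(uint256 amount) external {
        balanceOf[msg.sender] -= amount;
        // 2300-gas transfer as in WETH9; reverts if the caller cannot accept ETH.
        payable(msg.sender).transfer(amount);
    }
}

// Hypothetical implementation: no receive() and no fallback().
contract ImplWithoutReceive {
    function unwrap(MockWrappedNative weth, uint256 amount) external {
        // Under delegatecall, the msg.sender that weth sees is the proxy.
        weth.withdraw(amount);
    }
}

// Hypothetical minimal proxy, without admin or upgrade logic.
contract MinimalProxy {
    address private immutable implementation;

    constructor(address impl) {
        implementation = impl;
    }

    // Plain ETH transfers stop here; they are not forwarded to the implementation.
    receive() external payable {}

    fallback() external payable {
        address impl = implementation;
        assembly {
            calldatacopy(0, 0, calldatasize())
            let ok := delegatecall(gas(), impl, 0, calldatasize(), 0, 0)
            returndatacopy(0, 0, returndatasize())
            switch ok
            case 0 { revert(0, returndatasize()) }
            default { return(0, returndatasize()) }
        }
    }
}
```

With a balance credited to the proxy address through `depositTo`, calling `unwrap` through the proxy succeeds. With a balance credited to the implementation address and `unwrap` called on it directly, the ETH transfer reverts.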
