Potential ETH Lockup in Smart Contracts.
Summary
The smart contract contains a vulnerability where ETH deposits of zero value are not processed correctly.
If a zero value deposit is attempted, the function will return early due to the condition if (_amount == 0) { return; }
This can lead to ETH being left in a state where it cannot be restored or accessed by users.
Vulnerability Details
Condition Triggering Vulnerability: _amount == 0
if depositAmount is zero and ETH sent, the function exits early without processing the transaction.
However, the ETH passed into the function may become stuck if not handled properly.
Impact
User Impact: Users attempting to deposit zero ETH may find their funds stuck in the contract, leading to potential loss or inability to recover the ETH.
Contract Integrity: The contract may experience unintended behavior or loss of funds if not designed to handle such edge cases correctly.
Tools Used
Recommendations
Check and Handle Zero Deposits.
Appeal created
[invalid] finding-TokenManager-tillin-excess
Invalid, these are by default, invalid based on codehawks [general guidelines](https://docs.codehawks.com/hawks-auditors/how-to-determine-a-finding-validity#findings-that-may-be-invalid). The check implemented is simply a sufficiency check, it is users responsibility to only send an appropriate amount of native tokens where amount == msg.value when native token is intended to be used as collateral (which will subsequently be deposited as wrapped token). All excess ETH can be rescued using the `Rescuable.sol` contract. > Users sending ETH/native tokens > If contracts allow users to send tokens acc111identally.
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.