GivingThanks

First Flight #28

Beginner FriendlyFoundry

100 EXP

View results

Previous Next

Submission Details

Severity: medium

Invalid

Missing receive() and fallback() Functions in GivingThanks.sol to Handle Incoming Ether Transfers

koinerdegen

Summary:

The GivingThanks.sol contract currently lacks the ability to accept Ether sent directly to the contract. Without a receive() or fallback() function, any direct transfer of Ether to the contract will revert the transaction. Adding a receive() function will allow the contract to accept Ether sent directly, ensuring that transactions don’t fail when Ether is mistakenly sent.

Vulnerability Details:

Low. Only suggesion for better practice

Impact:
The impact is moderate but could affect the usability of the contract:

Failure to handle Ether transfers: Users who send Ether directly to the contract (either accidentally or intentionally) will cause the transaction to revert.
Loss of Ether: If the contract cannot accept Ether, users might lose funds if they mistakenly send Ether to the contract.

Tools Used:

Manual review of the contract code

Recommendations:
Solution: Add `receive()` and/or `fallback()` function

To address this, we recommend adding a receive() function to handle direct Ether transfers. Optionally, you can add a fallback() function to handle transfers with data attached.

Changes to `GivingThanks.sol`:

Add a receive() function to accept Ether with no data attached.
Optionally add a fallback() function to handle any transfers that may include data.

Modified Contract Example:

// SPDX-License-Identifier: MIT

pragma solidity 0.8.19;

import { CharityRegistry } from "./CharityRegistry.sol";

import { ERC721URIStorage } from "@openzeppelin/contracts/token/ERC721/extensions/ERC721URIStorage.sol";

import { Strings } from "@openzeppelin/contracts/utils/Strings.sol";

import { Base64 } from "@openzeppelin/contracts/utils/Base64.sol";

contract GivingThanks is ERC721URIStorage {

// Receive Ether

receive() external payable {

// Optionally, handle incoming Ether with some logic

// You can log events, forward Ether to other addresses, or simply accept the Ether

}

// Fallback function (optional)

fallback() external payable {

// Handle Ether with data if necessary or log the event

}

Updates

Lead Judging Commences

n0kto Lead Judge 7 months ago

Submission Judgement Published

Invalidated

Reason: Non-acceptable severity

Rewards breakdown

nSLOC

This contest has a flat reward structure with the following payouts:

High

100 EXP

Medium

20 EXP

Low

2 EXP

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.