Project

One World
NFT, DeFi
15,000 USDC
Submission Details
Severity: high
Invalid

Ether Lock-Up Due to Missing Withdraw Mechanisms in Key Functions

Summary

In the current codebase, there is no mechanism for recovering locked ether, especially in functions that perform external calls or manage critical balances. When combined with the lack of event emissions and inadequate error handling in critical functions, this flaw could result in locked funds that are unrecoverable by any party. This vulnerability could effectively trap user or contract ether, causing substantial financial and operational losses.

Vulnerability Details

The absence of a withdrawal function or mechanism to recover trapped ether presents a critical issue, as ether can inadvertently become irrecoverable. Furthermore, the contract’s use of external calls without proper tracking or error handling (due to missing event emissions) compounds the problem by making it difficult to detect and recover from failed transactions.

Line of Affected Code

https://github.com/Cyfrin/2024-11-one-world/blob/1e872c7ab393c380010a507398d4b4caca1ae32b/contracts/dao/MembershipFactory.sol#L176-L180

Impact

Permanent Loss of Funds and Operational Dysfunction. Given the frequency of functions that handle external calls without emitting events or using robust error handling, this vulnerability has a high likelihood of manifesting in scenarios where ether becomes trapped due to failed calls or unforeseen transaction failures. Users are also unlikely to be aware of such failures without event tracking, increasing the probability of undetected losses.

The locked ether vulnerability, when paired with the unchecked external calls and missing event logs, significantly amplifies the risk of funds becoming permanently trapped. If a call fails and there is no means to retrieve the ether or the failure goes undetected due to missing events, funds will remain stuck indefinitely. This flaw could not only result in user funds becoming permanently inaccessible but also disrupt other contract functions that rely on these funds, leading to cascading failures in contract operations.

Proof of Concept

  1. Call callExternalContract with an invalid target contract or function data.

  2. Observe that the call fails due to the require(success, "External call failed") check.

  3. Since there is no fallback mechanism to retrieve the ether, the funds sent with this call are now permanently locked in the contract.

Tools Used

Manual Review

Recommendations

Implement a secure withdrawal mechanism that allows administrators to recover locked ether from failed transactions or unforeseen circumstances. Also, consider enhancing error handling and adding event logs for tracking these functions to improve transaction transparency and user awareness.
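
The recommendation above, sketched in Solidity as an added example (not code from the One World repository or from this submission). The contract name, the single admin role, the events and the custom errors are hypothetical, and the receive() function is an assumption about how ether could come to rest in the contract.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added illustration: every name below is hypothetical, not One World's code.
contract ForwarderWithRecovery {
    address public immutable admin; // assumption: one administrator, set at deployment

    event ExternalCallSucceeded(address indexed target, uint256 value);
    event EtherRecovered(address indexed to, uint256 amount);

    error NotAdmin();
    error ZeroAddress();
    error ExternalCallFailed(address target, bytes returndata);
    error RecoveryFailed();

    constructor() { admin = msg.sender; }

    modifier onlyAdmin() {
        if (msg.sender != admin) revert NotAdmin();
        _;
    }

    // Forwards msg.value together with the call data. Reverting on failure
    // undoes the whole transaction, including the value transfer, and the
    // custom error carries the callee's return data for off-chain diagnosis.
    function callExternalContract(address target, bytes calldata data)
        external payable onlyAdmin returns (bytes memory)
    {
        (bool success, bytes memory returndata) = target.call{value: msg.value}(data);
        if (!success) revert ExternalCallFailed(target, returndata);
        emit ExternalCallSucceeded(target, msg.value);
        return returndata;
    }

    // Admin-only recovery path for ether held by this contract, with an
    // event so that every recovery is visible in the logs.
    function recoverEther(address payable to, uint256 amount) external onlyAdmin {
        if (to == address(0)) revert ZeroAddress();
        (bool ok, ) = to.call{value: amount}("");
        if (!ok) revert RecoveryFailed();
        emit EtherRecovered(to, amount);
    }

    // Assumption: the contract can receive ether, e.g. a refund from a call target.
    receive() external payable {}
}
```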

Updates

Lead Judging Commences

0xbrivan2 Lead Judge 10 months ago
Submission Judgement Published
Invalidated
Reason: Design choice
