TwentyOne

First Flight #29
Beginner Friendly, GameFi, Foundry, Solidity
100 EXP
Submission Details
Severity: high
Valid

Lack of Withdrawal Mechanism for Owner Locks Accumulated Funds

Root Cause

The contract collects ether from losing players but does not provide a function for the contract owner to withdraw these accumulated funds.

Impact

  • Locked Funds: Ether collected remains trapped within the contract indefinitely.

  • Inefficient Capital Use: Accumulated funds cannot be utilized or reinvested by the owner.

  • Potential Security Risk: The growing balance may attract attackers aiming to exploit any undiscovered vulnerabilities.

Recommendations

  • Owner Withdrawal Function: Implement a secure function that allows the contract owner to withdraw excess funds.

  • Access Control: Use access modifiers like onlyOwner to restrict this function to the contract owner.

  • Event Emission: Emit events upon withdrawal for transparency and auditing purposes.
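The three recommendations combined in one sketch, added here as an example and not taken from the TwentyOne source. The contract name, `reservedForPayouts`, and the `_reserve`/`_release` hooks are hypothetical: they assume the game tracks the ether it still owes to open games, so that only the excess can be withdrawn.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

/// Added illustration, not the audited contract. All identifiers are hypothetical.
contract OwnerWithdrawSketch {
    address public immutable owner;
    // Assumption: ether still owed to players in open games.
    uint256 public reservedForPayouts;

    event OwnerWithdrawal(address indexed to, uint256 amount);

    error NotOwner();
    error ExceedsExcess(uint256 requested, uint256 available);
    error TransferFailed();

    modifier onlyOwner() {
        if (msg.sender != owner) revert NotOwner();
        _;
    }

    constructor() payable {
        owner = msg.sender;
    }

    // Hypothetical hooks the game logic would call when a bet opens or settles.
    function _reserve(uint256 payout) internal { reservedForPayouts += payout; }
    function _release(uint256 payout) internal { reservedForPayouts -= payout; }

    /// Ether held beyond what open games may still have to pay out.
    function excessBalance() public view returns (uint256) {
        uint256 bal = address(this).balance;
        return bal > reservedForPayouts ? bal - reservedForPayouts : 0;
    }

    /// Owner-only withdrawal, capped at the excess so player payouts stay funded.
    function withdrawExcess(uint256 amount) external onlyOwner {
        uint256 available = excessBalance();
        if (amount > available) revert ExceedsExcess(amount, available);
        // Log before the external call so the record precedes the transfer.
        emit OwnerWithdrawal(owner, amount);
        (bool ok, ) = payable(owner).call{value: amount}("");
        if (!ok) revert TransferFailed();
    }
}
```

Capping the withdrawal at `excessBalance()` keeps the fix from introducing a new problem where the owner drains ether that active players are still entitled to win.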

Updates

Lead Judging Commences

inallhonesty Lead Judge 7 months ago
Submission Judgement Published
Validated
Assigned finding tags:

Owner has no method to withdraw
