TwentyOne

First Flight #29
Beginner Friendly, GameFi, Foundry, Solidity
100 EXP
Submission Details
Severity: medium
Valid

Lack of receive or fallback Function Prevents the TwentyOne Contract from Replenishing Ether, Risking Failure to Process Payouts

Summary

Vulnerability Details

The TwentyOne contract lacks a mechanism to replenish its Ether balance because it does not have a receive or fallback function to accept incoming Ether transfers. As a result, if the contract’s balance is depleted and a player wins, it will be unable to process the payout. This limitation disrupts the contract’s functionality and undermines fairness to users.

Impact

If the contract balance is less than 2 ether, the winner will not receive their payout, making the game unfair.

Proof of Concept

The following scenario illustrates the issue where the winner does not receive a payout due to an insufficient contract balance:

  • Initial Contract Balance: 0 ether

  • A player starts a game and stakes 1 ether

  • Contract Balance: 1 ether

  • If the player wins and initiates the call, the contract will fail to process the payout since the balance is less than 2 ether.
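The scenario above written as a Foundry test. This is an added illustration and is not taken from the TwentyOne code base: `StakeGameModel`, `startGame` and `settleWin` are hypothetical stand-ins that model only the 1 ether stake and the 2 ether payout, and the payout is assumed to use `transfer`.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.13;

import {Test} from "forge-std/Test.sol";

// Hypothetical stand-in: 1 ether stake, 2 ether payout, no receive/fallback.
contract StakeGameModel {
    mapping(address => bool) public inGame;

    function startGame() external payable {
        require(msg.value == 1 ether, "stake is 1 ether");
        inGame[msg.sender] = true;
    }

    // Models the winning path only: pay the player double the stake.
    function settleWin() external {
        require(inGame[msg.sender], "no game");
        inGame[msg.sender] = false;
        payable(msg.sender).transfer(2 ether); // assumed payout mechanism
    }
}

contract PayoutShortfallTest is Test {
    StakeGameModel game;
    address player = makeAddr("player");

    function setUp() public {
        game = new StakeGameModel(); // initial contract balance: 0 ether
        vm.deal(player, 1 ether);
    }

    function test_WinnerCannotBePaidFromStakeAlone() public {
        vm.prank(player);
        game.startGame{value: 1 ether}();
        assertEq(address(game).balance, 1 ether);

        vm.prank(player);
        vm.expectRevert(); // 2 ether payout exceeds the 1 ether balance
        game.settleWin();
    }

    function test_PlainTransferIsRejectedWithoutReceive() public {
        vm.deal(address(this), 2 ether);
        (bool ok,) = address(game).call{value: 2 ether}("");
        assertFalse(ok); // no receive/fallback, so the top-up fails
        assertEq(address(game).balance, 0);
    }
}
```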

Tools Used

Manual Review

Recommendations

To address this issue, the contract should include either a receive or fallback function to accept incoming Ether:

//... rest of the code
+ receive() external payable {}
+ fallback() external payable {}
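Review bot: the recommendation asks for either a receive or a fallback function, but the two added lines declare both, and the empty `fallback() external payable {}` is the riskier one. It makes the contract accept any call whose selector matches no function, with or without value, so a mistyped or wrong-ABI call succeeds silently instead of reverting. `receive() external payable {}` alone is enough for plain Ether top-ups, so I would drop the fallback line. Both functions are also unrestricted and emit nothing; consider emitting an event, or using an explicit owner-only deposit function, so funding is visible off-chain. Being able to receive Ether does not by itself ensure the balance covers a 2 ether payout, so a balance check before a game starts would still be worth adding.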
Updates

Lead Judging Commences

inallhonesty Lead Judge 11 months ago
Submission Judgement Published
Validated
Assigned finding tags:

Contract Lacks Mechanism to Initialize or Deposit Ether
