TwentyOne

First Flight #29
Beginner Friendly, GameFi, Foundry, Solidity
Submission Details
Severity: high
Valid

`TwentyOne` contract lacks proper access controls to manage funds

Summary

The `TwentyOne` contract lacks access controls to manage funds, such as deposit and withdraw functions.

Vulnerability Details

The contract is not sustainable without a way to deposit and withdraw funds: it may run out of ether, and the owner has no way to withdraw funds from the contract.

Impact

  1. Owner cannot access funds.

  2. If a player wins a game and the contract has no funds, the transfer will revert and the player will not get paid.

Tools Used

Manual code review

Recommendations

Add access controls so that the owner can deposit and withdraw funds.

Use the OpenZeppelin `Ownable` contract:

```solidity
import {Ownable} from "@openzeppelin/contracts/access/Ownable.sol";

contract TwentyOne is Ownable {
    // Contract code...
}
```

Add a `depositFunds` function with the `onlyOwner` modifier:

```solidity
function depositFunds() external payable onlyOwner {
    // Funds are automatically added to contract balance
}
```

Add a `withdrawFunds` function with the `onlyOwner` modifier:

```solidity
function withdrawFunds(uint256 amount) external onlyOwner {
    require(address(this).balance >= amount, "Insufficient balance");
    payable(msg.sender).transfer(amount);
}
```
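
A Foundry test that checks the recommended access control, as an added example that is not part of the submission or the contest code. `Bankroll` and `BankrollTest` are hypothetical names; the file assumes forge-std and OpenZeppelin Contracts v5 are installed.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;
import {Test} from "forge-std/Test.sol";
import {Ownable} from "@openzeppelin/contracts/access/Ownable.sol";

// Hypothetical stand-in for the fund-handling part of TwentyOne (not the contest code).
contract Bankroll is Ownable {
    // Assumption: OpenZeppelin v5, where Ownable takes the initial owner as an argument.
    constructor() Ownable(msg.sender) {}
    function depositFunds() external payable onlyOwner {}
    function withdrawFunds(uint256 amount) external onlyOwner {
        require(address(this).balance >= amount, "Insufficient balance");
        payable(msg.sender).transfer(amount);
    }
}

contract BankrollTest is Test {
    Bankroll internal bank;
    address internal owner = makeAddr("owner");       // constructed test account
    address internal stranger = makeAddr("stranger"); // constructed test account
    function setUp() public {
        vm.deal(owner, 10 ether);
        vm.deal(stranger, 1 ether);
        vm.prank(owner);
        bank = new Bankroll(); // owner becomes msg.sender of the constructor
        vm.prank(owner);
        bank.depositFunds{value: 5 ether}();
    }

    function test_StrangerCannotDepositOrWithdraw() public {
        vm.startPrank(stranger);
        vm.expectRevert(); // onlyOwner rejects the caller
        bank.depositFunds{value: 1 ether}();
        vm.expectRevert();
        bank.withdrawFunds(1 ether);
        vm.stopPrank();
        assertEq(address(bank).balance, 5 ether); // bankroll untouched
    }

    function test_OwnerWithdrawsWithinBalance() public {
        vm.prank(owner);
        bank.withdrawFunds(2 ether);
        assertEq(address(bank).balance, 3 ether);
        assertEq(owner.balance, 7 ether); // 10 - 5 deposited + 2 withdrawn
        vm.prank(owner);
        vm.expectRevert(bytes("Insufficient balance"));
        bank.withdrawFunds(4 ether); // more than the remaining 3 ether
    }
}
```

Run it with `forge test` from a project that has both dependencies installed.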
Updates

Lead Judging Commences

inallhonesty Lead Judge 11 months ago
Submission Judgement Published
Validated
Assigned finding tags:

Owner has no method to withdraw

Contract Lacks Mechanism to Initialize or Deposit Ether
