Submission Details
Severity:
withdraw() function logic needs to withdraw the Ether amount of the contract as well.
Summary
The withdraw() function only withdraws the ERC20 tokens from the contract to the host. It needs to also withdraw the Ether deposited by users as funds for the Christmas dinner.
Impact
Since there's no other way to withdraw the ether to the host, The ether in the contract is kinda 'stuck' for the host. So they don't get the entirity of the funds for the Chritmas Dinner.
function withdraw() external onlyHost {
address _host = getHost();
i_WETH.safeTransfer(_host, i_WETH.balanceOf(address(this)));
i_WBTC.safeTransfer(_host, i_WBTC.balanceOf(address(this)));
i_USDC.safeTransfer(_host, i_USDC.balanceOf(address(this)));
}
Tools Used
Manual Review
Recommendations
Make the host wallet address payable and send the contract ether as well.
function withdraw() external onlyHost {
address payable _host = payable(getHost());//added (made the address payable)
i_WETH.safeTransfer(_host, i_WETH.balanceOf(address(this)));
i_WBTC.safeTransfer(_host, i_WBTC.balanceOf(address(this)));
i_USDC.safeTransfer(_host, i_USDC.balanceOf(address(this)));
//need to send ether balance too(added)
(bool success, ) = _host.call{value: address(this).balance}("");
require(success, "Ether transfer failed");
}
Updates
Lead Judging Commences
0xtimefliez about 1 year ago
Submission Judgement Published Assigned finding tags:
withdraw function lacks functionality to send ether
Rewards breakdown
nSLOC
129This contest has a flat reward structure with the following payouts:
100 EXP
20 EXP
2 EXP
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.