Christmas Dinner

First Flight #31
Beginner Friendly, Foundry, Solidity
100 EXP
Submission Details
Severity: high
Valid

ETH is effectively trapped in the `ChristmasDinner` contract after the deadline, as there’s no host withdrawal mechanism

Summary

The `ChristmasDinner::withdraw` function only sweeps the ERC20 tokens and not ETH, effectively locking the ETH in the contract after the deadline passes.

function withdraw() external onlyHost {
    address _host = getHost();
    i_WETH.safeTransfer(_host, i_WETH.balanceOf(address(this)));
    i_WBTC.safeTransfer(_host, i_WBTC.balanceOf(address(this)));
    i_USDC.safeTransfer(_host, i_USDC.balanceOf(address(this)));
}

Vulnerability Details

When participants deposit ETH, the host has no way to withdraw it, so the contract does not work as it should and funds are put at risk. Once the deadline passes, there’s no method to recover that ETH at all, since refunds are only possible before the deadline.
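
The stuck balance described above can be reproduced with a short Foundry test. This is an added example, not code from the submission or the ChristmasDinner project: `DinnerModel`, `withdrawWithEth` and the test names are hypothetical, the deadline and refund logic are omitted, and the ETH sweep uses `call` with a success check rather than `transfer`.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;
import {Test} from "forge-std/Test.sol";

// Constructed stand-in, NOT the audited contract: it keeps only what the
// finding depends on (ETH is accepted, withdraw() sweeps tokens only).
contract DinnerModel {
    address public immutable host;
    constructor() { host = msg.sender; }
    receive() external payable {}

    // Mirrors the reported withdraw(); the ERC20 sweeps are elided because
    // they never touch address(this).balance.
    function withdraw() external {
        require(msg.sender == host, "not host");
    }

    // Hypothetical variant that also forwards native ETH and checks the result.
    function withdrawWithEth() external {
        require(msg.sender == host, "not host");
        (bool ok, ) = payable(host).call{value: address(this).balance}("");
        require(ok, "ETH transfer failed");
    }
}

contract StuckEthTest is Test {
    DinnerModel dinner;
    address host = makeAddr("host");   // constructed test addresses
    address guest = makeAddr("guest");

    function setUp() public {
        vm.prank(host);
        dinner = new DinnerModel();
        vm.deal(guest, 1 ether);
    }

    function test_EthRemainsAfterTokenOnlyWithdraw() public {
        vm.prank(guest);
        (bool sent, ) = address(dinner).call{value: 1 ether}("");
        assertTrue(sent);

        // Token-only sweep: the deposited ETH never leaves the contract.
        vm.prank(host);
        dinner.withdraw();
        assertEq(address(dinner).balance, 1 ether);

        // With the ETH sweep added, the host receives the full balance.
        vm.prank(host);
        dinner.withdrawWithEth();
        assertEq(host.balance, 1 ether);
    }
}
```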

Tools Used

Manual code review

Recommendations

Add the line marked `+` to the `withdraw` function:

function withdraw() external onlyHost {
address _host = getHost();
i_WETH.safeTransfer(_host, i_WETH.balanceOf(address(this)));
i_WBTC.safeTransfer(_host, i_WBTC.balanceOf(address(this)));
i_USDC.safeTransfer(_host, i_USDC.balanceOf(address(this)));
+ payable(_host).transfer(address(this).balance);
}
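
Review bot: on the added `payable(_host).transfer(address(this).balance);` line, `transfer` forwards only a fixed 2300 gas stipend, so the call reverts if the host is a contract whose receive logic needs more gas (a multisig wallet, for example). Because the revert happens inside `withdraw`, it would also undo the three `safeTransfer` calls above it and block the token sweep. Consider a low-level `call{value: address(this).balance}("")` on `_host` with a `require` on the returned success flag instead.
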
Updates

Lead Judging Commences

0xtimefliez Lead Judge about 1 year ago
Submission Judgement Published
Validated
Assigned finding tags:

withdraw function lacks functionality to send ether
