Christmas Dinner

First Flight #31
Submission Details
Severity: high
Valid

Mishandling of ETH: contract doesn't have a withdrawal function for native ETH, meaning host cannot access funds

Summary

The Christmas Dinner contract handles deposits of ether but doesn't allow withdrawals, meaning participants' ETH funds will be locked in the contract forever, which goes against the contract's intended design.

Vulnerability Details

When ETH is sent to the contract, the host can't withdraw it to plan for the event. Any ETH sent to the contract will therefore be stuck there without any purpose, contrary to the intended design stated in the contract's "About" section: "It is supposed to sign up participants for a social christmas dinner (or any other dinner), while collecting payments for signing up."

Impact

Host cannot access funds for dinner

Tools Used

Manual Review, Foundry

Recommendations

Add a withdraw function for ether:

function withdrawEth() public onlyHost {
    // Send the contract's entire ETH balance to the host.
    uint256 amountToWithdraw = address(this).balance;
    (bool success,) = payable(host).call{value: amountToWithdraw}("");
    // Revert if the transfer fails so the failure is not silent.
    if (!success) {
        revert("transfer failed");
    }
}
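
A Foundry regression test for the recommended fix, as an added example that is not part of the original submission or the audited code base. DinnerStandIn, hostAddr and guest are constructed stand-ins that model only what the report states, and forge-std is assumed to be installed.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;
import {Test} from "forge-std/Test.sol";

// Constructed stand-in, NOT the audited contract: models only what the report
// states (ETH is accepted, there is a host and an onlyHost modifier).
contract DinnerStandIn {
    address public host = msg.sender;

    modifier onlyHost() {
        require(msg.sender == host, "not host");
        _;
    }

    receive() external payable {} // ETH deposits are accepted

    // Recommended fix. Without it, no code path moves ETH out of the contract.
    function withdrawEth() public onlyHost {
        (bool success,) = payable(host).call{value: address(this).balance}("");
        if (!success) revert("transfer failed");
    }
}

contract WithdrawEthTest is Test {
    DinnerStandIn dinner;
    address hostAddr = makeAddr("host"); // hypothetical test accounts
    address guest = makeAddr("guest");

    function setUp() public {
        vm.prank(hostAddr); // deploy as the host
        dinner = new DinnerStandIn();
        vm.deal(guest, 1 ether);
        vm.prank(guest); // guest pays 1 ETH into the contract
        (bool ok,) = address(dinner).call{value: 1 ether}("");
        assertTrue(ok);
    }

    function test_HostCanWithdrawDepositedEth() public {
        vm.prank(hostAddr);
        dinner.withdrawEth();
        assertEq(address(dinner).balance, 0);
        assertEq(hostAddr.balance, 1 ether);
    }

    function test_NonHostCannotWithdraw() public {
        vm.prank(guest);
        vm.expectRevert(bytes("not host"));
        dinner.withdrawEth();
    }
}
```
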
Updates

Lead Judging Commences

0xtimefliez Lead Judge about 1 year ago
Submission Judgement Published
Validated
Assigned finding tags:

withdraw function lacks functionality to send ether
