ETH Deposited Fees Stuck in Contract Due to Missing Withdrawal Mechanism
Summary
The deposited fees in ETH are stuck in the contract and cannot be withdrawn by the host due to a missing withdrawal mechanism. This issue prevents the host from accessing ETH funds deposited into the protocol.
Vulnerability Details
The contract allows users to deposit ETH as part of their participation fees. However, there is no function implemented to enable the host to withdraw the ETH funds accumulated in the contract. This results in the ETH becoming permanently locked, rendering it inaccessible to the host or any other authorized party.
PoC
-
use this test in
christmasDinnerTest.t.solfunction testDepositedETHIsStuck() public {address payable _cd = payable(address(cd));vm.deal(user1, 10e18);vm.prank(user1);(bool sent, ) = _cd.call{value: 1e18}("");require(sent, "transfer failed");assertEq(user1.balance, 9e18); // Changed user dealing amount in setUp to 10e18assertEq(address(cd).balance, 1e18);vm.prank(deployer);// this function must wipe the contractcd.withdraw();// ETH balance remain the sameassertEq(address(cd).balance, 1e18);}
Impact
Locking of funds Deposited in native ETH
Tools Used
Foundry
Recommendations
Implement a `withdraw` function for the host to transfer the collected ETH to their address.
function withdraw() external onlyHost {address _host = getHost();i_WETH.safeTransfer(_host, i_WETH.balanceOf(address(this)));i_WBTC.safeTransfer(_host, i_WBTC.balanceOf(address(this)));i_USDC.safeTransfer(_host, i_USDC.balanceOf(address(this)));+ (bool success,)=payable(msg.sender).call{value:address(this).balance}("");+ require(success);}
Lead Judging Commences
withdraw function lacks functionality to send ether
Rewards breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.