Submission Details
Severity:
withdraw() function fails to handle ETH withdrawals
Summary
The contract contains issues with withdrawal mechanisms, allowing incomplete asset handling during withdrawals.
Vulnerability Details
Incomplete Asset Withdrawal
withdraw()function fails to handle ETH withdrawalsHost can't withdraw all assets from contract
Impact
Withdrawal Impact:
ETH can get stuck in contract
Host needs separate mechanism to recover ETH
Partial asset recovery only
Tools Used
Manual Review
Recommendations
function withdraw() external onlyHost {
address _host = getHost();
// Handle ERC20 tokens
i_WETH.safeTransfer(_host, i_WETH.balanceOf(address(this)));
i_WBTC.safeTransfer(_host, i_WBTC.balanceOf(address(this)));
i_USDC.safeTransfer(_host, i_USDC.balanceOf(address(this)));
// Handle ETH balance
uint256 ethBalance = address(this).balance;
if(ethBalance > 0) {
(bool success, ) = _host.call{value: ethBalance}("");
require(success, "ETH transfer failed");
}
}
Updates
Lead Judging Commences
0xtimefliez 10 months ago
Submission Judgement Published Assigned finding tags:
withdraw function lacks functionality to send ether
0xtimefliez 10 months ago
Submission Judgement Published Assigned finding tags:
withdraw function lacks functionality to send ether
Rewards breakdown
nSLOC
129This contest has a flat reward structure with the following payouts:
100 EXP
20 EXP
2 EXP
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.