Submission Details
Severity:
Absence of a withdrawal function for ETH funds within the protocol.
Summary
There is the withrawal function for withdraw all tokens from the protocol.
Vulnerability Details
There is no function to withdraw the ETH funds from the protocol. As a result, the ETH funds will be locked within the protocol indefinitely.
Impact
The ETH funds will be locked within the protocol indefinitely.
Tools Used
manual review
Recommendations
Please reconsider the protocol by adding a function for withdrawing ETH.
function withdraw() external onlyHost {
address payable _host = payable(getHost());
// @Audit Withdraw ETH
uint256 ethBalance = address(this).balance;
(bool success, ) = _host.call{value: ethBalance}("");
require(success, "ETH transfer failed");
// Withdraw other tokens
i_WETH.safeTransfer(_host, i_WETH.balanceOf(address(this)));
i_WBTC.safeTransfer(_host, i_WBTC.balanceOf(address(this)));
i_USDC.safeTransfer(_host, i_USDC.balanceOf(address(this)));
}
Updates
Lead Judging Commences
0xtimefliez 8 months ago
Submission Judgement Published Assigned finding tags:
withdraw function lacks functionality to send ether
0xtimefliez 8 months ago
Submission Judgement Published Assigned finding tags:
withdraw function lacks functionality to send ether
Rewards breakdown
nSLOC
129This contest has a flat reward structure with the following payouts:
100 EXP
20 EXP
2 EXP
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.