Pieces Protocol

First Flight #32
Beginner Friendly, Foundry, Solidity, NFT
100 EXP
Submission Details
Severity: low
Valid

Missing Withdrawal Function for Contract Fee in buyOrder Function

Summary

The contract lacks a withdrawal function to allow the owner to withdraw accumulated fees. The contract successfully collects fees via the buyOrder function (stored via the fee variable), but there is no mechanism to withdraw these funds. Without a proper withdrawal function, the owner is unable to access or use the collected fees, potentially causing the contract to become clogged with Ether over time.

Vulnerability Details

Any attempt to withdraw the accumulated fees fails, because no withdrawal function is available.

Impact

There is no function in the contract to withdraw the accumulated fees, which could lead to Ether being locked in the contract.

Tools Used

Manual review and Foundry

Recommendations

Add a withdrawal function to allow the owner to withdraw the accumulated fee. This function should check that only the contract owner can call it and that there are funds available for withdrawal.

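    // Sends the contract's entire ETH balance to the owner; restricted by onlyOwner.
    function withdrawFee() external onlyOwner {
        uint256 balance = address(this).balance;
        require(balance > 0, "No funds to withdraw");
        // Low-level call forwards the ETH; the success flag is checked below.
        (bool success, ) = payable(owner()).call{value: balance}("");
        require(success, "Withdrawal failed");
    }
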
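A variant of the recommendation, as an added example that is not from the submission or the Pieces Protocol code base: it records collected fees in a separate counter and withdraws only that amount instead of the whole contract balance. The contract name `FeeVault`, the `pay` function, `FEE_BPS` and `accruedFees` are assumptions made for this illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added illustration, not the Pieces Protocol contract. FeeVault, pay(),
// FEE_BPS and accruedFees are hypothetical names used only for this sketch.
contract FeeVault {
    address public immutable owner;
    uint256 public constant FEE_BPS = 100; // assumed 1% fee, for illustration
    uint256 public accruedFees;            // fees only, tracked apart from the balance

    event FeesWithdrawn(address indexed to, uint256 amount);

    error NotOwner();
    error NothingToWithdraw();
    error TransferFailed();

    constructor() {
        owner = msg.sender;
    }

    // Stand-in for a purchase path: keeps the fee, forwards the rest to the seller.
    function pay(address payable seller) external payable {
        uint256 fee = (msg.value * FEE_BPS) / 10_000;
        accruedFees += fee;
        (bool ok, ) = seller.call{value: msg.value - fee}("");
        if (!ok) revert TransferFailed();
    }

    // Withdraws only the recorded fees, so ETH held for any other purpose stays put.
    function withdrawFees() external {
        if (msg.sender != owner) revert NotOwner();
        uint256 amount = accruedFees;
        if (amount == 0) revert NothingToWithdraw();
        accruedFees = 0; // zero the counter before the external call
        (bool ok, ) = payable(owner).call{value: amount}("");
        if (!ok) revert TransferFailed();
        emit FeesWithdrawn(owner, amount);
    }
}
```
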
Updates

Lead Judging Commences

fishy Lead Judge 4 months ago
Submission Judgement Published
Validated
Assigned finding tags:

Token mishandling

The extra ETH sent by the user in the buy order will be locked in the contract forever.
