DatingDapp
First Flight #33
Beginner FriendlyFoundrySolidityNFT
100 EXP
View results
Previous Next
Submission Details
Severity: low
Invalid

Unrecoverable Ether in LikeRegistry due to Missing Withdrawal Function

howiecht

Summary

The LikeRegistry contract is designed to receive Ether using its receive() function, but it lacks a corresponding function to allow the contract's owner to withdraw these funds.

Vulnerability Details

The LikeRegistry contract's receive() function allows it to accept Ether transfers. However, there's no withdraw() function or any other mechanism to send the accumulated Ether back to an authorized account. This means any Ether accidentally or intentionally sent to the contract will be permanently locked and unrecoverable.

Impact

This vulnerability leads to a loss of funds. Any Ether sent to the LikeRegistry contract, regardless of the intention, becomes inaccessible. The contract's owner loses the ability to utilize or recover any Ether that accidentally or intentionally gets deposited. This represents a direct financial loss.

Tools Used

Manual code review

Recommendations

Implement withdraw function.

function withdraw(uint256 amount) external {
require(msg.sender == owner(), "Not the owner");
require(amount <= address(this).balance, "Insufficient balance");
(bool success, ) = payable(owner()).call{value: amount}("");
require(success, "Withdraw failed");
}
Updates

Appeal created

n0kto Lead Judge 7 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
Assigned finding tags:

Users mistake, only impacting themselves.

Please read the CodeHawks documentation to know which submissions are valid. If you disagree, provide a coded PoC and explain the real likelihood and the detailed impact on the mainnet without any supposition (if, it could, etc) to prove your point.

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.