The LikeRegistry contract includes a receive function that allows Ether to be sent directly to the contract. However, the absence of a mechanism to properly track or withdraw these funds means that any Ether accidentally or intentionally sent via this receive function can become permanently locked within the contract.
The receive function is intended to accept simple Ether transfers without any associated function calls.
Since the contract does not implement any fallback or withdrawal logic to manage these funds, once Ether is sent directly to the contract via this receive function, it becomes inaccessible.
There is no mechanism (such as an emergency withdrawal function or accounting logic in a mapping) that allows an authorized party or even the sender to reclaim these funds.
Funds Mismanagement: Any Ether sent directly to the contract will be irrecoverable, resulting in the permanent loss of assets.
Manual Code Inspection
Remove the receive function
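The pattern described in this finding next to the recommended fix, as an added example that is not the LikeRegistry source. The contract names, `userBalances`, `deposit` and `withdraw` are hypothetical stand-ins chosen for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;

// Hypothetical contract: tracked deposits can be withdrawn, but Ether
// arriving through receive() is credited to nobody and has no exit path.
contract RegistryWithReceive {
    mapping(address => uint256) public userBalances;

    function deposit() external payable {
        userBalances[msg.sender] += msg.value; // accounted for
    }

    function withdraw() external {
        uint256 amount = userBalances[msg.sender];
        userBalances[msg.sender] = 0; // zero before the external call
        (bool ok, ) = payable(msg.sender).call{value: amount}("");
        require(ok, "transfer failed");
    }

    // A plain transfer with empty calldata lands here. The contract balance
    // grows while userBalances stays unchanged, so the difference
    // (address(this).balance minus the sum of userBalances) is locked.
    receive() external payable {}
}

// Recommended form: no receive() and no payable fallback. A plain transfer
// with empty calldata now reverts and the sender keeps the Ether.
contract RegistryWithoutReceive {
    mapping(address => uint256) public userBalances;

    function deposit() external payable {
        userBalances[msg.sender] += msg.value;
    }

    function withdraw() external {
        uint256 amount = userBalances[msg.sender];
        userBalances[msg.sender] = 0;
        (bool ok, ) = payable(msg.sender).call{value: amount}("");
        require(ok, "transfer failed");
    }
}
```

Ether can still reach a contract without any function being called (for example as the beneficiary of a selfdestruct), so withdrawal logic should rely on tracked balances rather than on `address(this).balance`.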
Not the best design, but if you send money accidentally, that's a user mistake. Informational.