DatingDapp

First Flight #33
Beginner Friendly, Foundry, Solidity, NFT
100 EXP
Submission Details
Severity: low
Invalid

DOS on receive function

The totalFees variable does not account for ETH sent directly to the contract. The receive() function allows the contract to accept ETH but does not update totalFees, causing a discrepancy between the contract's actual balance and the totalFees value. As a result, ETH sent via the receive() function becomes stuck and cannot be withdrawn using withdrawFees.

Tools Used - manual review

Recommendations-

```solidity
function withdrawFees() external onlyOwner {
    require(totalFees > 0, "No fees to withdraw");
    uint256 totalFeesToWithdraw = totalFees;
    totalFees = 0;
    (bool success,) = payable(owner()).call{value: totalFeesToWithdraw}("");
    require(success, "Transfer failed");
}

// Updated receive function to track direct ETH transfers
receive() external payable {
    totalFees += msg.value; // Now tracks ALL incoming ETH
}
```
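
A Foundry test that reproduces the accounting gap described in this submission, added here as an example; it is not part of the submission or the DatingDapp code. `FeeModel`, `payFee` and the test names are hypothetical, and only `totalFees`, `withdrawFees` and `receive` follow the page.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;

import {Test} from "forge-std/Test.sol";

// Constructed minimal model of the accounting in this finding; not the DatingDapp source.
contract FeeModel {
    address public owner = msg.sender;
    uint256 public totalFees;
    // Hypothetical stand-in for any fee-charging path that increments totalFees.
    function payFee() external payable {
        totalFees += msg.value;
    }
    function withdrawFees() external {
        require(msg.sender == owner, "Not owner");
        require(totalFees > 0, "No fees to withdraw");
        uint256 amount = totalFees;
        totalFees = 0;
        (bool success,) = payable(owner).call{value: amount}("");
        require(success, "Transfer failed");
    }
    // Accepts ETH without updating totalFees, as the finding describes.
    receive() external payable {}
}

contract FeeModelTest is Test {
    FeeModel internal model;

    function setUp() public {
        model = new FeeModel(); // this test contract becomes the owner
    }
    receive() external payable {} // lets the owner (this contract) receive the withdrawal

    function test_directTransferStaysInContract() public {
        address user = makeAddr("user");
        vm.deal(user, 2 ether);
        vm.startPrank(user);
        model.payFee{value: 1 ether}(); // tracked in totalFees
        (bool ok,) = address(model).call{value: 1 ether}(""); // hits receive(), untracked
        vm.stopPrank();
        assertTrue(ok);
        assertEq(address(model).balance, 2 ether);
        assertEq(model.totalFees(), 1 ether);

        model.withdrawFees();
        assertEq(address(model).balance, 1 ether); // untracked remainder stays behind
        assertEq(model.totalFees(), 0);
    }
}
```

With the `receive()` from the recommendation (`totalFees += msg.value;`), the balance left after `withdrawFees()` would be 0 instead of 1 ether.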
Updates

Appeal created

n0kto Lead Judge 7 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
Assigned finding tags:

invalid_receive_function

Not the best design, but if you send money accidentally, that's a user mistake. Informational.
