Submission Details
Severity:
Money Deposited in Contract is Getting Locked and cant be withdrawn
Summary
Funds deposited by users are becoming inaccessible due to a flaw in the contract's withdrawal mechanism. Both users and the platform owner are unable to retrieve the locked funds.
Vulnerability Details
The withdrawal process relies on the totalFee variable, which is calculated based on userBalances. However, since userBalances is never updated upon deposit, it always returns zero. As a result:
totalFeeremains zero.The contract does not allow withdrawals.
Deposited funds remain permanently locked.
Impact
Users cannot access their funds for their first date.
The platform owner is unable to withdraw accumulated fees.
The contract becomes non-functional in terms of fund distribution.
Updates
Appeal created
n0kto 6 months ago
Submission Judgement Published Assigned finding tags:
finding_likeUser_no_userBalances_updated
Likelihood: High, always. Impact: High, loss of funds
n0kto 6 months ago
Submission Judgement Published Assigned finding tags:
finding_likeUser_no_userBalances_updated
Likelihood: High, always. Impact: High, loss of funds
Rewards breakdown
nSLOC
197This contest has a flat reward structure with the following payouts:
100 EXP
20 EXP
2 EXP
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.