The contract does not implement a receive or fallback function, meaning that any ETH sent directly to the contract address will remain trapped. This oversight may lead to unintentional fund loss or restrict future contract interactions with accidental ETH transfers.
In Solidity, if a contract lacks both a receive() and a fallback() function, it cannot handle plain ETH transfers. In this contract, there are functions for sending ETH out (e.g., sendETH), but no function to accept ETH is defined. As a result, any ETH sent directly (via plain transfers or accidental deposits) is locked in the contract, with no mechanism to retrieve or redirect it.
Loss of Funds: Users who accidentally send ETH to the contract risk permanently locking their funds.
User Frustration: The inability to recover mistakenly sent ETH may erode user trust and hamper adoption.
Operational Issues: Accumulated trapped ETH might affect overall contract balance management and could interfere with planned contract functionalities.
Manual Code Review
Implement a receive() Function:
Add a simple receive() function to accept ETH transfers:
Implement a Fallback Function (if needed):
If the contract should handle unexpected data, include a fallback function to manage both data and ETH transfers:
Emit Events for Incoming ETH:
Log incoming transfers for monitoring and auditing purposes.
Add Documentation and Testing:
Clearly document the expected behavior for receiving ETH and create tests to ensure that ETH transfers are handled as intended.
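The recommendations above combined into one contract, as an added example that is not code from the audited project or from the original submission. The contract name `EthReceiver`, the `owner` variable, the `withdraw` function and all event names are assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added illustration. EthReceiver, owner, withdraw and the event names are
// hypothetical and do not come from the audited contract.
contract EthReceiver {
    address public immutable owner;

    event EthReceived(address indexed sender, uint256 amount);
    event FallbackCalled(address indexed sender, uint256 amount, bytes data);
    event EthWithdrawn(address indexed to, uint256 amount);

    constructor() {
        owner = msg.sender;
    }

    // Runs when the contract is called with empty calldata
    // (a plain ETH transfer).
    receive() external payable {
        emit EthReceived(msg.sender, msg.value);
    }

    // Runs when calldata is non-empty and matches no function selector.
    // Logging the calldata makes unexpected calls visible to monitoring.
    fallback() external payable {
        emit FallbackCalled(msg.sender, msg.value, msg.data);
    }

    // Any ETH the contract accepts needs a controlled way out.
    // State-independent checks first, then the event, then the external call.
    function withdraw(address payable to, uint256 amount) external {
        require(msg.sender == owner, "not owner");
        require(to != address(0), "zero address");
        require(amount <= address(this).balance, "insufficient balance");
        emit EthWithdrawn(to, amount);
        (bool ok, ) = to.call{value: amount}("");
        require(ok, "transfer failed");
    }
}
```

A test for this contract would send a plain transfer, a call with unknown calldata, and a withdrawal, and check the emitted event and the resulting balance in each case.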