[H-05] Orphaned ETH Vulnerability in RockPaperScissors::receive()
Summary
The unrestricted receive() function allows direct ETH transfers that become permanently locked in the contract, providing no utility while creating fund loss risks.
Vulnerability Details
Affected Component
Technical Analysis
-
Silent Acceptance:
ETH transfers succeed without reverting
No connection to game logic
-
Storage Impact:
Increases contract balance irreversibly
No corresponding game state changes
Attack Scenario
Actors:
Patrick (Accidental User)
Contract (Victim)
Steps:
-
Patrick sends ETH directly:
(bool success, ) = address(rps).call{value: 1 ether}(""); -
Transaction succeeds (no revert)
-
Resulting State:
Contract balance increases by 1 ETH
No game created
No refund mechanism exists
Impact
Any ETH sent to the contract address is permanently locked.
Tools Used
Manual Code Review
Recommendations
1) Immediate Fix (Option A)
2) Credit System (Option B)
Appeal created
Orphaned ETH due to Unrestricted receive() or Canceled Game
ETH sent directly to the contract via the receive function or after a canceled game becomes permanently locked
Orphaned ETH due to Unrestricted receive() or Canceled Game
ETH sent directly to the contract via the receive function or after a canceled game becomes permanently locked
Orphaned ETH due to Unrestricted receive() or Canceled Game
ETH sent directly to the contract via the receive function or after a canceled game becomes permanently locked
Rewards breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.