Hawk High

First Flight #39
Beginner Friendly, Solidity
100 EXP
Submission Details
Impact: low
Likelihood: low
Invalid

[L-3] No ETH Handling Mechanism

Severity

Low

Impact

The contract lacks any mechanism to handle ETH accidentally sent to it. If users mistakenly send ETH directly to the contract address, those funds will be permanently locked with no way to recover them.

Description

The contract doesn't include a receive() or fallback() function to handle incoming ETH transfers. While the contract is primarily designed to work with USDC, it's common for users to mistakenly send ETH to contract addresses.

// LevelOne.sol
// Missing receive() or fallback() function

Without proper ETH handling mechanisms, any ETH sent to the contract will be permanently locked. This is especially problematic because:

  1. The UI/UX might not make it clear that ETH is not used in the protocol

  2. Users often mix up token addresses when performing transactions

  3. There's no recovery mechanism for accidental ETH transfers

Tools Used

Manual code review

Recommended Mitigation

Add a receive() function that either:

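  1. Reverts incoming ETH transfers to prevent accidental locks:

    receive() external payable {
        revert("ETH not accepted. Please use USDC.");
    }

  2. OR alternatively, add a recovery mechanism for accidental ETH transfers:

    // Events used below; they must be declared in the contract.
    event ETHReceived(address indexed sender, uint256 amount);
    event ETHRecovered(address indexed recipient, uint256 amount);

    receive() external payable {
        emit ETHReceived(msg.sender, msg.value);
    }

    function recoverETH(address payable recipient) external onlyPrincipal {
        require(recipient != address(0), "Zero address recipient");
        uint256 balance = address(this).balance;
        // call instead of transfer: not limited by the 2300 gas stipend
        (bool ok, ) = recipient.call{value: balance}("");
        require(ok, "ETH transfer failed");
        emit ETHRecovered(recipient, balance);
    }
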
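A check of the premise above, as an added example that is not part of the submission or of the Hawk High code base: in Solidity, a plain ETH transfer to a contract with neither receive() nor a payable fallback() reverts, so this probe reports whether each target accepted the transfer. NoEthHandler, WithRecovery and Probe are hypothetical stand-ins, and the principal check is inlined in place of the project's onlyPrincipal modifier.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added example; all contract names are hypothetical stand-ins.

/// No receive() and no payable fallback(), the state described for LevelOne.sol.
contract NoEthHandler {
    uint256 public counter;
    function poke() external { counter++; }
}

/// Variant with the accept-and-recover mitigation from this report.
contract WithRecovery {
    address public immutable principal;
    event ETHReceived(address indexed sender, uint256 amount);
    event ETHRecovered(address indexed recipient, uint256 amount);

    constructor() { principal = msg.sender; }

    receive() external payable { emit ETHReceived(msg.sender, msg.value); }

    function recoverETH(address payable recipient) external {
        require(msg.sender == principal, "Not principal");
        require(recipient != address(0), "Zero address recipient");
        uint256 balance = address(this).balance;
        (bool ok, ) = recipient.call{value: balance}("");
        require(ok, "ETH transfer failed");
        emit ETHRecovered(recipient, balance);
    }
}

/// Sends plain ETH (empty calldata) to both targets and reports acceptance.
contract Probe {
    NoEthHandler public bare = new NoEthHandler();
    WithRecovery public recoverable = new WithRecovery(); // Probe is its principal

    receive() external payable {} // lets recoverETH pay this contract back

    /// Call with an even, non-zero msg.value; the full amount is refunded.
    function sendPlainEth() external payable returns (bool bareOk, bool recoverableOk) {
        uint256 half = msg.value / 2;
        (bareOk, ) = payable(address(bare)).call{value: half}("");
        (recoverableOk, ) = payable(address(recoverable)).call{value: half}("");
        recoverable.recoverETH(payable(address(this))); // pull accepted ETH back
        (bool refunded, ) = payable(msg.sender).call{value: address(this).balance}("");
        require(refunded, "Refund failed");
    }
}
```
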
Updates

Lead Judging Commences

yeahchibyke Lead Judge about 2 months ago
Submission Judgement Published
Invalidated
Reason: Design choice
