Weather Witness
First Flight #40
Beginner FriendlyFoundrySolidityNFT
100 EXP
View results
Previous Next
Submission Details
Severity: high
Valid

ETH Locked: No Withdrawal Function Implemented Despite Receiving Ether

0xshield

Root + Impact

Description

  • The expected behavior is that ETH sent to a contract is retrievable unless intentionally locked or burned.

  • The WeatherNft contract accepts ETH via the requestMintWeatherNFT function, but it lacks any mechanism to recover the ETH. This means all received ETH becomes permanently inaccessible, even to the contract owner.

function requestMintWeatherNFT(...) external payable returns (bytes32 _reqId) {
require(msg.value == s_currentMintPrice, WeatherNft__InvalidAmountSent());
...
//@> ETH is accepted here with no way to withdraw it later.
}

Risk

Likelihood:

This issue will occur every time a user mints an NFT by sending ETH to the contract.

The lack of a withdrawal path affects all funds received since contract deployment.

Impact:

ETH sent to the contract is permanently locked.

The locked ETH is inaccessible for any upgrades, refunds, or operational needs.

Proof of Concept

I think the issue is clear enough

Recommended Mitigation

Add a secure withdraw function restricted to the contract owner or an authorized role. For example:

function withdrawETH() external onlyOwner {
payable(owner()).transfer(address(this).balance);
}

If funds are not meant to be withdrawn (i.e., intended to be permanently locked), this should be explicitly stated in the documentation.

Updates

Appeal created

bube Lead Judge 4 months ago
Submission Judgement Published
Validated
Assigned finding tags:

Lack of `withdraw` function

The contract collects funds for minting a WeatherNFT, but there is no function that allows the owner to withdraw these funds.

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.