Snow.sol::buySnow()
The buySnow() function in Snow.sol is declared payable, so the contract can receive native ETH through it. The contract defines no receive() or fallback() function. In Solidity this means a plain ETH transfer to the contract address (a call with empty calldata, i.e. not through buySnow()) is rejected outright and reverts, so that path does not by itself leave funds in the contract. ETH does accumulate when it arrives through buySnow() in an amount the function's logic does not account for (as discussed in H-2), or when it is forced in without a call (for example via selfdestruct, which bypasses receive() and fallback() entirely). In either case there is no refund mechanism and no function that lets the owner withdraw the excess, so that ETH is irrevocably locked in the contract.
Users permanently lose any ETH that reaches the contract beyond what buySnow() credits them for. The contract's ETH balance accumulates these funds, which can neither be used by the protocol nor returned to the sender.
The provided testETHTrappedInFallback() function in SnowTest.t.sol demonstrates this scenario:
Implement an explicit receive() function. For a contract that is not intended to hold arbitrary ETH, the safest and clearest approach is to make this function revert, explicitly rejecting any unexpected ETH transfer and documenting that intent in the code. Pair it with strict msg.value validation in buySnow() so that no excess can enter through the payable path, and with an owner-only withdrawal so that ETH forced into the contract can still be recovered. If the contract is designed to receive ETH for other purposes, then specific handling logic (e.g. wrapping to WETH, or forwarding to an owner/treasury) should be implemented instead.
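The following is an added illustration of the mitigation, not code from Snow.sol or the Snow project: the contract name, the SNOW_PRICE constant, the snowBalance mapping and the rescueETH() function are all assumptions made for the example. It shows a payable buySnow() that refuses any msg.value other than the exact price, a receive() that rejects plain transfers with a named error, and an owner-only sweep for ETH that was forced in via selfdestruct.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Hypothetical simplified contract (not the project's Snow.sol) demonstrating
// explicit rejection of unexpected ETH plus a recovery path for forced sends.
contract SnowETHHandling {
    error UnexpectedETH();
    error IncorrectPayment(uint256 sent, uint256 expected);
    error NotOwner();
    error TransferFailed();

    address public immutable owner;
    // Assumed price for the example; Snow.sol's real pricing is not reproduced here.
    uint256 public constant SNOW_PRICE = 0.01 ether;
    mapping(address => uint256) public snowBalance;

    constructor() {
        owner = msg.sender;
    }

    // Assumed payable entry point. Requiring the exact price means the contract
    // never holds ETH it did not account for (the H-2 over/under-payment case).
    function buySnow(uint256 amount) external payable {
        uint256 expected = amount * SNOW_PRICE;
        if (msg.value != expected) revert IncorrectPayment(msg.value, expected);
        snowBalance[msg.sender] += amount;
    }

    // Plain ETH transfers (empty calldata) hit receive(); reject them explicitly.
    // Calls with unknown selectors still revert because no fallback() is defined.
    receive() external payable {
        revert UnexpectedETH();
    }

    // selfdestruct can push ETH in without invoking any function, so give the
    // owner a way to recover whatever balance the contract ends up holding.
    function rescueETH(address payable to) external {
        if (msg.sender != owner) revert NotOwner();
        (bool ok, ) = to.call{value: address(this).balance}("");
        if (!ok) revert TransferFailed();
    }
}
```

A Foundry test for this sketch would assert that `address(c).call{value: 1 ether}("")` returns false, that `buySnow{value: SNOW_PRICE + 1}(1)` reverts with IncorrectPayment, and that after forcing ETH in with a selfdestruct helper the owner can drain it with rescueETH() while a non-owner cannot.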