Beatland Festival

First Flight #44
Beginner Friendly, Foundry, Solidity, NFT
100 EXP
Submission Details
Impact: low
Likelihood: low
Invalid

No Fallback or Receive Function in BeatToken

Root + Impact

Description

  • Normal Behavior:
    If ETH is sent to a contract address that does not implement a receive() or fallback() function, the transaction will revert. In some cases, users or other contracts may mistakenly send ETH to the BeatToken contract address, either directly or via selfdestruct. Well-designed contracts often include a receive() or fallback() function to handle such cases gracefully, such as by emitting an event or allowing the owner to recover the ETH.

  • Issue:
    The BeatToken contract does not implement a receive() or fallback() function. As a result, any ETH sent to the contract will be rejected and the transaction will revert. This can lead to confusion for users and may result in failed transactions or lost gas fees.

// No receive() or fallback() function is defined in BeatToken.sol

Risk

Likelihood:

  • Most users will not send ETH to this contract, but mistakes or integrations can occur.

Impact:

  • ETH sent to the contract is rejected, resulting in failed transactions and wasted gas.

Proof of Concept

If a user or contract sends ETH to the BeatToken contract:

(bool sent, ) = address(beatToken).call{value: 1 ether}("");
require(sent, "ETH transfer failed");
// This transaction will revert because there is no receive() or fallback() function.
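
Added example, not part of the submission or of the BeatToken code base: a Foundry test that measures what the rejected transfer above costs the sender, next to the same transfer against a contract carrying the receive() proposed under Recommended Mitigation. NoReceive, WithReceive and the user account are hypothetical stand-ins constructed for the test, and it assumes forge-std is installed.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import {Test} from "forge-std/Test.sol";

// Hypothetical stand-in for BeatToken: no receive() and no fallback().
contract NoReceive {}

// Hypothetical stand-in: event-only receive(), no withdrawal function.
contract WithReceive {
    event Received(address indexed sender, uint256 amount);

    receive() external payable {
        emit Received(msg.sender, msg.value);
    }
}

contract EthRejectionTest is Test {
    address internal user = makeAddr("user"); // constructed test account

    function setUp() public {
        vm.deal(user, 1 ether);
    }

    // Without receive()/fallback() the call fails and the value never moves.
    function test_rejectedTransferLeavesValueWithSender() public {
        NoReceive token = new NoReceive();

        vm.prank(user);
        (bool sent, ) = address(token).call{value: 1 ether}("");

        assertFalse(sent);
        assertEq(address(token).balance, 0);
        assertEq(user.balance, 1 ether); // gas price is 0 in the test EVM
    }

    // With an event-only receive() the ETH is accepted and has no way out.
    function test_eventOnlyReceiveHoldsTheEth() public {
        WithReceive token = new WithReceive();

        vm.prank(user);
        (bool sent, ) = address(token).call{value: 1 ether}("");

        assertTrue(sent);
        assertEq(address(token).balance, 1 ether);
        assertEq(user.balance, 0);
    }
}
```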

Recommended Mitigation

Implement a receive() or fallback() function that emits an event or allows the owner to recover ETH sent by mistake.

+ event Received(address indexed sender, uint256 amount);
+ receive() external payable {
+ emit Received(msg.sender, msg.value);
+ }
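
Review bot: the added receive() accepts ETH and emits Received, but these lines add no function that moves the ETH out again, so every wei it accepts stays in the contract. The recommendation text mentions owner recovery, yet no such path appears in the hunk. Either pair receive() with an owner-restricted withdrawal, or leave the contract without receive() so that plain transfers keep reverting and the value stays with the sender. As a style point, the emit line should be indented inside the function body.
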

Updates

Lead Judging Commences

inallhonesty Lead Judge 4 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
