Location: contracts/src/TreasureHunt.sol:276
The emergency withdraw function explicitly blocks sending back to the owner:
An emergency typically means the owner wants to move funds to a safer wallet they directly control. Blocking the owner as recipient forces them to use a third address, which is precisely the wrong UX in a real emergency.
Likelihood: Low. only triggered during an emergency withdraw attempt.
Impact: Low. Friction in emergency recovery; owner may have to deploy a temporary receiving contract or use another EOA, costing time during an active incident.
Run:
The test passes, the owner is blocked from rescuing funds to their own address.
Remove the recipient != owner restriction:
The contest is live. Earn rewards by submitting a finding.
This is your time to appeal against judgements on your submissions.
Appeals are being carefully reviewed by our judges.
The contest is complete and the rewards are being distributed.