r2moon
commented
2 years ago this is correct, but i don't agree with risk level
Open code423n4 opened 2 years ago
r2moon
commented
2 years ago this is correct, but i don't agree with risk level
ghoul-sol
commented
2 years ago no exploit, this is best practices
Handle
leastwood
Vulnerability details
Impact
The
MochiTreasuryV0.solcontract freely receives ETH from users/other contracts. In the event this does happen, ETH is permanently locked and unrecoverable by the protocol's governance framework.Proof of Concept
https://github.com/code-423n4/2021-10-mochi/blob/main/projects/mochi-core/contracts/treasury/MochiTreasuryV0.sol
Tools Used
Manual code review Slither
Recommended Mitigation Steps
Consider enabling ETH withdraws for the governance role.