Open code423n4 opened 2 years ago
leastwood
The MochiTreasuryV0.sol contract freely receives ETH from users/other contracts. In the event this does happen, ETH is permanently locked and unrecoverable by the protocol's governance framework.
MochiTreasuryV0.sol
https://github.com/code-423n4/2021-10-mochi/blob/main/projects/mochi-core/contracts/treasury/MochiTreasuryV0.sol
Manual code review Slither
Consider enabling ETH withdraws for the governance role.
this is correct, but i don't agree with risk level
no exploit, this is best practices
Handle
leastwood
Vulnerability details
Impact
The
MochiTreasuryV0.sol
contract freely receives ETH from users/other contracts. In the event this does happen, ETH is permanently locked and unrecoverable by the protocol's governance framework.Proof of Concept
https://github.com/code-423n4/2021-10-mochi/blob/main/projects/mochi-core/contracts/treasury/MochiTreasuryV0.sol
Tools Used
Manual code review Slither
Recommended Mitigation Steps
Consider enabling ETH withdraws for the governance role.