Open code423n4 opened 2 years ago
I'm not sure in which contract, there are 2 contracts with receive()
function. One doesn't need it, the other does need it. Either way, I don't see a risk for the user of any kind. I think it's non-critical.
The added capability of the contract to receive Ether, without any purpose, is incorrect state handling. A severity of 1 is warranted.
Handle
hickuphh3
Vulnerability details
Impact
There doesn't seem to be a use case for the existence of the
receive()
function. In fact, I will recommend removing it as it will prevent accidental native token transfers to the contract.Recommended Mitigation Steps
Remove the
receive()
function.