Closed code423n4 closed 2 years ago
pedroais
Eth could be permanently locked by mistake. The contract has a receive function but no way to extract sent funds. The exitEth function does send eth to users but extra funds in the contract's balance will still be locked.
https://github.com/code-423n4/2021-12-amun/blob/98f6e2ff91f5fcebc0489f5871183566feaec307/contracts/basket/contracts/singleJoinExit/SingleNativeTokenExit.sol#L37
Remove receive function
Duplicate of #253
Handle
pedroais
Vulnerability details
Impact
Eth could be permanently locked by mistake. The contract has a receive function but no way to extract sent funds. The exitEth function does send eth to users but extra funds in the contract's balance will still be locked.
https://github.com/code-423n4/2021-12-amun/blob/98f6e2ff91f5fcebc0489f5871183566feaec307/contracts/basket/contracts/singleJoinExit/SingleNativeTokenExit.sol#L37
Recommended Mitigation Steps
Remove receive function