Multiple contracts, including the: LiquidityProviders.sol, LiquidityPool.sol, and LiquidityFarming.sol implement a receive function, which would allow the contract to accept any eth transaction sent to it. However, the contracts do not have a way to withdraw that extra ETH, and no reason to accept such ETH transfers that are not function calls in the first place. This could lead to loss of funds sent accidentally to the contracts, while adding no benefit and just making the contract size larger.
Recommendation:
Remove the above mentioned receive functions to avoid accidental loss of funds and reduce unnecessary contract code.
https://github.com/code-423n4/2022-03-biconomy-findings/issues/114#issuecomment-1125184386
Warden: benk10
Issue:
Multiple contracts, including the: LiquidityProviders.sol, LiquidityPool.sol, and LiquidityFarming.sol implement a
receive
function, which would allow the contract to accept any eth transaction sent to it. However, the contracts do not have a way to withdraw that extra ETH, and no reason to accept such ETH transfers that are not function calls in the first place. This could lead to loss of funds sent accidentally to the contracts, while adding no benefit and just making the contract size larger.Recommendation:
Remove the above mentioned
receive
functions to avoid accidental loss of funds and reduce unnecessary contract code.