code-423n4 / 2022-06-infinity-findings


Unnecessary receive() and fallback() functions #209

Open code423n4 opened 2 years ago

code423n4 commented 2 years ago

Lines of code

https://github.com/code-423n4/2022-06-infinity/blob/765376fa238bbccd8b1e2e12897c91098c7e5ac6/contracts/staking/InfinityStaker.sol#L54-L57

https://github.com/code-423n4/2022-06-infinity/blob/765376fa238bbccd8b1e2e12897c91098c7e5ac6/contracts/core/InfinityExchange.sol#L119-L121

Vulnerability details

Description

There doesn't seem to be a use case for the existence of the receive() and fallback() functions. Removing them is recommended as it will prevent accidental ETH transfers to the contract, which will then require the owner to call rescueETH(), creating needless customer support queries.

Recommended Mitigation Steps

Remove the receive() and fallback() functions.
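
A source-level check for the pattern this finding describes, as an added example that is not part of the original issue or the audited code base: it flags payable receive()/fallback() functions whose body is empty, which is where accidental ETH transfers get accepted. The Solidity sample and the name `find_empty_payable_handlers` are constructed for illustration.

```python
import re

# Constructed sample, not the audited source: one contract accepts ETH through
# empty receive()/fallback() bodies, the other has a receive() that does work.
SAMPLE = '''
contract Staker {
    // accept plain transfers
    fallback() external payable {}
    receive() external payable {}

    function rescueETH(address to) external onlyOwner {
        payable(to).transfer(address(this).balance);
    }
}

contract Vault {
    receive() external payable {
        emit Deposit(msg.sender, msg.value);
    }
}
'''

# Heuristic only: comment stripping does not understand string literals.
COMMENTS = re.compile(r'//[^\n]*|/\*.*?\*/', re.S)
HANDLER = re.compile(r'\b(receive|fallback)\s*\(([^)]*)\)([^{};]*)\{', re.S)

def _blank(match):
    # Replace a comment with spaces but keep newlines so line numbers survive.
    return re.sub(r'[^\n]', ' ', match.group(0))

def find_empty_payable_handlers(source):
    """Return (line, name) for each payable receive/fallback with an empty body."""
    code = COMMENTS.sub(_blank, source)
    findings = []
    for m in HANDLER.finditer(code):
        name, modifiers = m.group(1), m.group(3)
        if not re.search(r'\bpayable\b', modifiers):
            continue  # a non-payable fallback already rejects ETH
        depth, i = 1, m.end()
        while i < len(code) and depth:  # walk to the matching closing brace
            depth += {'{': 1, '}': -1}.get(code[i], 0)
            i += 1
        if not code[m.end():i - 1].strip():
            findings.append((code.count('\n', 0, m.start()) + 1, name))
    return findings
```
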

HardlyDifficult commented 2 years ago

This is valid feedback to help prevent user error. Lowering risk and converting it into a QA report for the warden.

HardlyDifficult commented 2 years ago

Merging with https://github.com/code-423n4/2022-06-infinity-findings/issues/209 and https://github.com/code-423n4/2022-06-infinity-findings/issues/213 and https://github.com/code-423n4/2022-06-infinity-findings/issues/214