Closed code423n4 closed 2 years ago
Out of scope
Test contracts, OOS
Lines of code
https://github.com/code-423n4/2022-06-putty/blob/main/contracts/test/unit/Exercise.t.sol#L19
https://github.com/code-423n4/2022-06-putty/blob/main/contracts/test/unit/Cancel.t.sol#L14
https://github.com/code-423n4/2022-06-putty/blob/main/contracts/test/unit/Exercise.t.sol#L19
Vulnerability details
Impact
Contract has a payable function (via receive function), but without withdrawal capacity. Therefore, ether sent to these particular contracts will be lost.
Proof of Concept
Ex:
pragma solidity ^0.6.0;

contract LockedEth {
    // Accepts ether; the contract has no function that sends it out again.
    receive() external payable {}
}

References:
https://github.com/crytic/slither/wiki/Detector-Documentation#contracts-that-lock-ether
Tools Used
Hardhat, Truffle, Remix
Recommended Mitigation Steps
Payable functions can be removed or a withdraw function can be added.
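
The second mitigation listed above, sketched as an added example; it is not code from the original submission or from the Putty repository. The contract name `RecoverableEth`, the `owner` variable, the `withdraw` function and the `^0.8.0` pragma are assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0; // assumption: any 0.8.x compiler

// The pattern the finding describes: ether can enter, nothing can leave.
contract LockedEth {
    receive() external payable {}
}

// Mitigation: same receive(), plus an owner-gated withdrawal path.
// All names in this contract are hypothetical.
contract RecoverableEth {
    address public immutable owner;

    event Withdrawn(address indexed to, uint256 amount);

    constructor() {
        owner = msg.sender;
    }

    receive() external payable {}

    // Sends `amount` wei to `to`. Only the deployer may call it.
    function withdraw(address payable to, uint256 amount) external {
        require(msg.sender == owner, "not owner");
        require(to != address(0), "zero recipient");
        require(amount <= address(this).balance, "insufficient balance");

        // call forwards the remaining gas, so the recipient may be a
        // contract; the returned success flag must be checked, otherwise
        // a failed transfer would pass silently.
        (bool ok, ) = to.call{value: amount}("");
        require(ok, "transfer failed");

        emit Withdrawn(to, amount);
    }
}
```

With the other listed mitigation, removing the payable `receive()`, a plain ether transfer to the contract reverts instead of being accepted.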