code-423n4 / 2022-07-swivel-findings


Contracts don't have receive() or fallback() function #115

Closed code423n4 closed 2 years ago

code423n4 commented 2 years ago

Lines of code

https://github.com/code-423n4/2022-07-swivel/blob/daf72892d8a8d6eaa43b9e7d1924ccb0e612ee3c/Tokens/ZcToken.sol#L1-L156

Vulnerability details

Impact

Even if the contract doesn't have a risk related to receive, it is good to have because the contract should not lock the tokens sent to the contract.

Proof of Concept

instances of issue: all contracts

Tools Used

manually

Recommended Mitigation Steps

Add a receive or fallback function to the contract


```solidity
receive() external payable {
    revert();
}
```

scaraven commented 2 years ago

receive() is only used for sending ethereum with no data. It is impossible for tokens to be locked this way as they work completely separately to ethereum

bghughes commented 2 years ago

> receive() is only used for sending ethereum with no data. It is impossible for tokens to be locked this way as they work completely separately to ethereum

Agreed, the warden is misunderstanding the reason for using receive in the first place. Moreover, I would argue that receive should never be used on this contract as the team correctly recognizes.
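
The distinction drawn in the replies above, as an added Solidity example that is not part of the original thread or of the Swivel code base: a plain ether send to a contract without `receive()` or `fallback()` fails, while a token transfer to the same address only updates the token contract's own storage and never invokes the recipient. `MiniToken`, `NoReceive` and `Demo` are constructed names used only for this illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.13;

// Constructed minimal token: balances live in the token's own storage.
contract MiniToken {
    mapping(address => uint256) public balanceOf;

    constructor() {
        balanceOf[msg.sender] = 100; // deployer (Demo below) gets the supply
    }

    // Only this contract's mapping changes; no code on `to` is executed,
    // so whether `to` defines receive() is irrelevant here.
    function transfer(address to, uint256 amount) external returns (bool) {
        balanceOf[msg.sender] -= amount; // checked arithmetic reverts on underflow
        balanceOf[to] += amount;
        return true;
    }
}

// Constructed recipient with neither receive() nor fallback().
contract NoReceive {}

contract Demo {
    MiniToken public token = new MiniToken();
    NoReceive public target = new NoReceive();

    // Ether with empty calldata: the EVM looks for receive(), then a payable
    // fallback(). NoReceive has neither, so the inner call fails and the
    // ether never reaches it. The value is refunded to the caller.
    function sendEther() external payable returns (bool delivered) {
        (delivered, ) = address(target).call{value: msg.value}("");
        if (!delivered) {
            (bool refunded, ) = msg.sender.call{value: msg.value}("");
            require(refunded, "refund failed");
        }
    }

    // Token transfer to the same address succeeds: it is a call into
    // MiniToken, not a value transfer into NoReceive.
    function sendTokens() external returns (uint256 targetBalance) {
        token.transfer(address(target), 10);
        targetBalance = token.balanceOf(address(target));
    }
}
```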