Closed code423n4 closed 2 years ago
Nope https://github.com/code-423n4/2022-09-nouns-builder/blob/7e9fddbbacdd7d7812e912a369cfd862ee67dc03/src/governance/treasury/Treasury.sol#L164
Lines of code
https://github.com/code-423n4/2022-09-nouns-builder/blob/7e9fddbbacdd7d7812e912a369cfd862ee67dc03/src/governance/treasury/Treasury.sol#L269
Vulnerability details
Impact
When the receive function doesn't have a revert(), all ether sent to the contract will be locked forever.
Proof of Concept
Bob sends ether to the contract; the funds are locked forever and Bob loses his money.
Tools Used
Manually
Recommended Mitigation Steps
Remove the payable attribute or add a withdraw function.
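The pattern the report describes, side by side with the recommended mitigation, as an added illustration that is not code from the Nouns Builder repository. The judge's "Nope" reply links to another location in Treasury.sol rather than accepting the finding, so the contracts below are generic: the contract names, the `owner` variable and the `withdraw` function are assumptions made for this example and do not describe the real treasury.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Added illustration, not code from the Nouns Builder repository.
// Contract names, the owner variable and the withdraw function are
// assumptions for this example.

// Pattern the report warns about: the contract accepts ether but exposes
// no path to move it out. There is no transfer, call or selfdestruct
// anywhere in the contract, so every wei sent here stays here.
contract LockedVault {
    event Received(address indexed from, uint256 amount);

    receive() external payable {
        emit Received(msg.sender, msg.value);
    }
}

// Mitigated pattern: the same receive(), plus an owner-gated exit.
contract WithdrawableVault {
    address public immutable owner;

    event Received(address indexed from, uint256 amount);
    event Withdrawn(address indexed to, uint256 amount);

    error NotOwner();
    error TransferFailed();

    constructor() {
        owner = msg.sender;
    }

    receive() external payable {
        emit Received(msg.sender, msg.value);
    }

    // Only the owner may pull funds. The low-level call's return value is
    // checked so a failed transfer reverts instead of silently succeeding.
    function withdraw(address payable to, uint256 amount) external {
        if (msg.sender != owner) revert NotOwner();
        (bool ok, ) = to.call{value: amount}("");
        if (!ok) revert TransferFailed();
        emit Withdrawn(to, amount);
    }
}

// The report's other suggested mitigation: a contract that is never meant
// to hold ether simply defines no receive() or payable fallback(), so a
// plain ether transfer to it reverts and nothing can get stuck.
contract NoEtherAccepted {
    // Intentionally empty: no receive(), no payable fallback().
}
```

When triaging a "locked ether" finding, the check is on the whole contract, not on `receive()` alone: a payable `receive()` is only a problem if no function anywhere in the contract can move value out, and a generic owner- or governance-controlled call/execute function counts as an exit path. The judge's link to another line in the same file is the kind of evidence that settles that question.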