code423n4 closed 1 year ago
gzeon-c4 marked the issue as unsatisfactory: Invalid
livingrockrises marked the issue as disagree with severity
livingrockrises marked the issue as sponsor disputed
Now that I think of it, it's a case of dispute.
livingrockrises requested judge review
Lines of code
https://github.com/code-423n4/2023-01-biconomy/blob/main/scw-contracts/contracts/smart-contract-wallet/SmartAccount.sol#L51
https://github.com/code-423n4/2023-01-biconomy/blob/main/scw-contracts/contracts/smart-contract-wallet/SmartAccount.sol#L172
Vulnerability details
Impact
If someone sends ether to the contract, it would be highly possible that the ether could be locked forever or never withdrawn by its intended recipient (Owner).
Proof of Concept
https://github.com/code-423n4/2023-01-biconomy/blob/main/scw-contracts/contracts/smart-contract-wallet/SmartAccount.sol#L51
https://github.com/code-423n4/2023-01-biconomy/blob/main/scw-contracts/contracts/smart-contract-wallet/SmartAccount.sol#L172
Tools Used
Manual
Recommended Mitigation Steps
Add the "payable" keyword to the owner state variable as well as to "_owner" when assigning owner = _owner in the init function.