Closed code423n4 closed 1 year ago
Lines of code
https://github.com/code-423n4/2023-03-aragon/blob/main/packages/contracts/src/core/dao/DAO.sol#L218-L236
Vulnerability details
Impact
The DAO contract can receive funds but cannot withdraw. Funds occasionally sent by users will be stuck in those contracts.
Proof of Concept
Receive funds through the deposit function in DAO.sol#L218-L236:
```solidity
/// @inheritdoc IDAO
function deposit(
    address _token,
    uint256 _amount,
    string calldata _reference
) external payable override {
```
And through the receive function in DAO.sol#L263-L265:
```solidity
receive() external payable {
    emit NativeTokenDeposited(msg.sender, msg.value);
}
```
Tools Used
Code review
Recommended Mitigation Steps
Add a withdraw function
0xean marked the issue as unsatisfactory: Insufficient quality