Status: Closed (closed by code423n4 1 year ago)
I think this is incorrect as the account can call any token out.
The account with a private key for the DefaultAccount can submit a transaction from it (alternatively, an L1→L2 communication could be used).
miladpiri marked the issue as sponsor disputed
After the sponsor clarification, I agree with the Sponsor that the funds can be swept out.
GalloDaSballo marked the issue as unsatisfactory: Invalid
Lines of code
https://github.com/code-423n4/2023-03-zksync/blob/main/contracts/DefaultAccount.sol#L230
Vulnerability details
Impact
Users may lose assets
Proof of Concept
The contract DefaultAccount.sol contains a receive function which allows the contract to receive the native token. If a user mistakenly sends some native tokens to the contract, their ether will be stuck.
Tools Used
Vscode
Recommended Mitigation Steps
Implement the rescuetoken() function.
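The sponsor's clarification (an account contract can send any token out because its key holder can submit a transaction from it) is the reason this finding was judged invalid. The following added example, which is not code from the zkSync repository and not the real DefaultAccount.sol, is a deliberately simplified account contract (hypothetical name MinimalAccount, with a plain owner check standing in for zkSync's bootloader-driven validation) that shows why ETH accepted by receive() is not stuck: the same contract exposes a generic execute() through which the controlling key can forward the balance anywhere, so no separate rescue function is needed.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Constructed, hypothetical account contract used only to illustrate the point
// discussed in this issue. It is NOT zkSync's DefaultAccount.sol; the owner
// check below is a stand-in for zkSync's bootloader/signature validation.
contract MinimalAccount {
    address public immutable owner;

    constructor(address _owner) {
        owner = _owner;
    }

    // Accepting ETH here is the behaviour the report describes as "stuck" funds.
    receive() external payable {}

    // The controlling key can execute any call from the account, including a
    // plain ETH transfer, so a balance sent here by mistake can simply be
    // moved back out (e.g. execute(refundTo, address(this).balance, "")).
    function execute(address to, uint256 value, bytes calldata data)
        external
        returns (bytes memory)
    {
        require(msg.sender == owner, "not owner");
        (bool ok, bytes memory ret) = to.call{value: value}(data);
        require(ok, "call failed");
        return ret;
    }
}
```

Reviewers assessing "stuck funds" claims against account-abstraction contracts should check whether the account already has an arbitrary-call path controlled by its owner; when it does, a dedicated rescue function adds surface without adding recoverability.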