The Bundler contract implements a receive() function to allow overpayments to be sent and later refunded in the register() logic. However, ETH sent directly to the contract will get stuck in this contract without recovery.
Fix:
Consider adding a check in the receive() function that msg.sender is the StorageRent contract and reverting otherwise, so that users cannot mistakenly send funds to the contract, or
Remove the need for Bundler to hold native assets by passing the original msg.sender in the storageRegistry.rent() call so that the storageRegistry can refund msg.sender directly.
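A sketch of the first option, added here as an illustration and not taken from the audited code base: receive() accepts ETH only from the registry, so a stray transfer reverts instead of being stranded. The contract name BundlerSketch, the IStorageRegistry interface, the rent() signature and its overpayment return value, and the error names are assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.18;

// Assumed interface: rent() takes payment for `units` of storage for `id`,
// sends any excess back to the caller and returns that excess amount.
interface IStorageRegistry {
    function rent(uint256 id, uint256 units) external payable returns (uint256 overpayment);
}

contract BundlerSketch {
    error Unauthorized();
    error RefundFailed();

    // Immutable, so the receive() allow-list cannot be repointed after deployment.
    IStorageRegistry public immutable storageRegistry;

    constructor(address _storageRegistry) {
        storageRegistry = IStorageRegistry(_storageRegistry);
    }

    // Forwards the caller's payment to the registry, then passes the
    // registry's refund straight through to the original caller.
    function register(uint256 id, uint256 units) external payable {
        uint256 overpayment = storageRegistry.rent{value: msg.value}(id, units);
        if (overpayment > 0) {
            (bool ok, ) = msg.sender.call{value: overpayment}("");
            if (!ok) revert RefundFailed();
        }
    }

    // Only the registry's refund may arrive here. Any other sender reverts,
    // so ETH sent directly by a user returns to them instead of getting stuck.
    receive() external payable {
        if (msg.sender != address(storageRegistry)) revert Unauthorized();
    }
}
```

The check does not stop ETH forced into the contract through selfdestruct or arriving as a block reward, since neither path executes receive().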