There's no function to withdraw ETH received via receive() function, ETH can be stuck in TimelockController.sol
Summary
no function to pull out ETH received via the receive() function
Vulnerability Detail
When designing smart contracts that receive ETH through the receive() function, it is essential to include a withdrawal function to pull out that received ETH.
Without a withdrawal function, ETH received through the receive() function may become trapped within the contract. This situation can arise due to unexpected behavior or limitations of the contract's logic. By incorporating a withdrawal function, users can ensure that funds are not unintentionally left within the contract, providing a safety net against stuck or stranded funds.
Impact
ETH can be stuck in the TimelockController.sol contract.
PRAISE
high
There's no function to withdraw ETH received via receive() function, ETH can be stuck in TimelockController.sol
Summary
no function to pull out ETH received via the receive() function
Vulnerability Detail
When designing smart contracts that receive ETH through the receive() function, it is essential to include a withdrawal function to pull out that received ETH.
Without a withdrawal function, ETH received through the receive() function may become trapped within the contract. This situation can arise due to unexpected behavior or limitations of the contract's logic. By incorporating a withdrawal function, users can ensure that funds are not unintentionally left within the contract, providing a safety net against stuck or stranded funds.
Impact
ETH can be stuck in the TimelockController.sol contract.
Code Snippet
https://github.com/sherlock-audit/2023-04-unitasprotocol/blob/main/Unitas-Protocol/src/TimelockController.sol#L117C1-L119
Tool used
Manual Review
Recommendation
add a withdraw() function, so as to ensure that the sent ETH is withdrawable to avoid stuck funds.