In the Anchor.sol contract there is a payable receive function to accept incoming eth from anyone but there isn't any withdraw function to return it, if for some reason someone accidentally send ether to this contract there won't be any way to recover it and it will be lost for ever
helpMePlease
high
No function to return money
In the
Anchor.sol
contract there is a payablereceive
function to accept incomingeth
from anyone but there isn't any withdraw function to return it, if for some reason someone accidentally sendether
to this contract there won't be any way to recover it and it will be lost for everVulnerability Detail
See summary
Impact
Loss of funds for the user or the sender
Code Snippet
https://github.com/sherlock-audit/2023-09-Gitcoin/blob/main/allo-v2/contracts/core/Anchor.sol#L87
Tool used
Manual Review
Recommendation
It is recommended to use mapping to store the amount of eth receive and then allow user to withdraw based on it