Funds may remain locked forever in InfiltrationPeriphery contract.
Summary
InfiltrationPeriphery is able to receive ETH but there is no withdrawing functionality.
Vulnerability Detail
InfiltrationPeriphery contract has receive() function which is marked as payable and anyone is able to send ETH to this contract intentionally or by mistake.
Impact
Since there is no withdrawing functionality, all funds that are send directly to the contract without the heal function will remain locked forever but cannot withdraw it.
MaslarovK
medium
Funds may remain locked forever in InfiltrationPeriphery contract.
Summary
InfiltrationPeripheryis able to receive ETH but there is no withdrawing functionality.Vulnerability Detail
InfiltrationPeripherycontract hasreceive()function which is marked as payable and anyone is able to send ETH to this contract intentionally or by mistake.Impact
Since there is no withdrawing functionality, all funds that are send directly to the contract without the heal function will remain locked forever but cannot withdraw it.
Code Snippet
https://github.com/sherlock-audit/2023-10-looksrare/blob/main/contracts-infiltration/contracts/InfiltrationPeriphery.sol#L95
Tool used
Manual Review
Recommendation
Implement withdrawing functionality, so if a user mistakenly sends funds to this contract, they can be withdrawn.
Duplicate of #59