Ether deposited into the PointTokenVault contract is locked
Summary
The Ether sent directly to PointTokenVault will be locked as there is no exposed function to withdraw such ether.
Root Cause
The PointTokenVault contract has receive() to accept ether directly into the vault contract. But, the contract does not expose any functions to withdraw such ether from the contract.
Review the reason to access Ether directly into the contract.
If there is a reason to accept Ether, then ability to spend or withdraw ether should also be added.
Petite Taffy Yeti
Low/Info
Ether deposited into the PointTokenVault contract is locked
Summary
The Ether sent directly to
PointTokenVaultwill be locked as there is no exposed function to withdraw such ether.Root Cause
The
PointTokenVaultcontract hasreceive()to accept ether directly into the vault contract. But, the contract does not expose any functions to withdraw such ether from the contract.https://github.com/sherlock-audit/2024-07-sense-points-marketplace/blob/main/point-tokenization-vault/contracts/PointTokenVault.sol#L382
Internal pre-conditions
No response
External pre-conditions
No response
Attack Path
No response
Impact
No response
PoC
No response
Mitigation
Review the reason to access Ether directly into the contract. If there is a reason to accept Ether, then ability to spend or withdraw ether should also be added.