Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

No way to retrieve ETH from the contract #18

Closed
c4-bot-6 opened this issue Jan 17, 2024 · 6 comments
Closed

No way to retrieve ETH from the contract #18

c4-bot-6 opened this issue Jan 17, 2024 · 6 comments
Labels
2 (Med Risk) Assets not at direct risk, but function/availability of the protocol could be impacted or leak value bot-report bug Something isn't working ineligible for award nullified Issue is high quality, but not accepted satisfactory satisfies C4 submission criteria; eligible for awards selected for report This submission will be included/highlighted in the audit report sponsor acknowledged Technically the issue is correct, but we're not going to resolve it for XYZ reasons

Comments

@c4-bot-6
Copy link
Contributor

Lines of code

L12, L13, L59, L60

Vulnerability details

The following contracts contain at least one payable function, yet the function does not utilise forwarded ETH, and the contract is missing functionality to withdraw ETH from the contract. This means that funds may become trapped in the contract indefinitely. Consider adding a withdraw/sweep function to contracts that are capable of receiving ether.

File: src/ManagedWallet.sol

12: contract ManagedWallet is IManagedWallet
13:     {

59:     receive() external payable
60:         {

Assessed type

other
@c4-bot-6 c4-bot-6 added 2 (Med Risk) Assets not at direct risk, but function/availability of the protocol could be impacted or leak value bot-report bug Something isn't working ineligible for award labels Jan 17, 2024
c4-bot-10 added a commit that referenced this issue Jan 17, 2024
@c4-bot-10
The_Madaladinator issue #18
9e4b308
@liveactionllama
Copy link

C4 Note: this was originally reported in the winning bot race submission. It is not eligible for further awards, but was pulled into this findings repo solely for further review and potential inclusion in the final audit report for completeness.

@Picodes
Copy link

Picodes commented Feb 7, 2024

Reports detailing this out-of-scope finding can be found here #1034.

@c4-sponsor c4-sponsor added the sponsor acknowledged Technically the issue is correct, but we're not going to resolve it for XYZ reasons label Feb 8, 2024
@c4-sponsor
Copy link

othernet-global (sponsor) acknowledged

@Picodes Picodes mentioned this issue Feb 19, 2024
Closed
@c4-judge
Copy link
Contributor

Picodes marked the issue as satisfactory

@c4-judge c4-judge added satisfactory satisfies C4 submission criteria; eligible for awards selected for report This submission will be included/highlighted in the audit report labels Feb 21, 2024
@c4-judge
Copy link
Contributor

Picodes marked the issue as selected for report

@othernet-global
Copy link

ManagedWallet has been removed.
othernet-global/salty-io@5766592

@PaperParachute PaperParachute added the nullified Issue is high quality, but not accepted label Feb 28, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
2 (Med Risk) Assets not at direct risk, but function/availability of the protocol could be impacted or leak value bot-report bug Something isn't working ineligible for award nullified Issue is high quality, but not accepted satisfactory satisfies C4 submission criteria; eligible for awards selected for report This submission will be included/highlighted in the audit report sponsor acknowledged Technically the issue is correct, but we're not going to resolve it for XYZ reasons
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
8 participants
@Picodes @liveactionllama @c4-judge @c4-sponsor @C4-Staff @othernet-global @PaperParachute @c4-bot-6