# #44081 \[SC-Low] Users ETH could be stuck forever without a way to recover it **Submitted on Apr 16th 2025 at 18:42:01 UTC by @MrMorningstar for** [**Audit Comp | Spectra Finance**](https://immunefi.com/audit-competition/audit-comp-spectra-finance) * **Report ID:** #44081 * **Report Type:** Smart Contract * **Report severity:** Low * **Target:** * **Impacts:** * Permanent freezing of funds ## Description ## Brief/Intro Whenever native token is transfered from the contract it is done throught `execute` which eventually invoke `_dispatch` function. For the purpose of this finding we would focus on this part of the function: ``` } else if (command == Commands.TRANSFER_NATIVE) { (address recipient, uint256 amount) = abi.decode(_inputs, (address, uint256)); (bool success, ) = payable(recipient).call{value: amount}(""); } ``` ## Vulnerability Details The issue here is that the protocol does not check if the call was successful or not, which could lead that protocol funds be stuck to the contract forever. Check PoC section for very common scenario. ## Impact Details The mentioned scenario is very common and likelihood it to happen is High which will lead the funds to be permanently stuck/froze forever. ## Recommendation Make sure the protocol check if call is successful: ```diff else if (command == Commands.TRANSFER_NATIVE) { (address recipient, uint256 amount) = abi.decode(_inputs, (address, uint256)); (bool success, ) = payable(recipient).call{value: amount}(""); + require(success, "Native transfer failed"); } ``` ## Proof of Concept ## Proof of Concept The common (but not the only) scenario I will describe is this: Transfering wrapped native token to the protocol and send out native token to the recipient. So the command execution would look like this: 1. `TRANSFER_FROM` - transfer wrapped native to the protocol 2. `WITHDRAW_NATIVE_FROM_WRAPPER` - withdraw native from wrapped native to the protocol 3. `TRANSFER_NATIVE` - from the protocol to the recipient So the user send wrapped native to the protocol expecting to sent native token to the recipient, but for some reason (it could be grieving or the address is not able to receive native token, there are many reasons why it would fail) the transfer is not successful. The issue is that then that these native tokens would not be sent back to the user, but to the protocol because protocol sent them and there is no way for them to be recovered by our user which will make his funds stuck and lost forever. --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://reports.immunefi.com/spectra-finance/44081-sc-low-users-eth-could-be-stuck-forever-without-a-way-to-recover-it.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.