Potential for locked ETH due to direct transfers
Without a receive() or fallback() handler, any ETH sent directly to KnowledgeMarket.sol is permanently locked, exposing users who paste the contract address by mistake.
Description
The KnowledgeMarket.sol contract handles ETH payments but lacks mechanisms to handle direct ETH transfers that might occur due to user error or misunderstanding of the payment process. Since the contract does not implement receive() or fallback() functions, any ETH sent directly to the contract address (outside of the normal mint() function) would become permanently locked.
Given that this contract deals with ETH payments, users might mistakenly send ETH directly to the contract address, expecting it to trigger some functionality, which would result in permanent loss of those funds.
Impact
Funds permanently locked when users send ETH directly to the contract instead of through the mint() function.
Recommendation
Implement a receive() function that reverts to prevent accidental direct transfers:
/*** @dev Prevents accidental direct ETH transfers* @notice Use the mint() function to purchase access tokens*/receive() external payable {revert("Direct ETH transfers not allowed. Use mint() function.");}
Resolution
Ipal Network: Confirmed. We agreed with the recommendation and have implemented a receive() function that reverts on direct Ether transfers.
Zealynx: Fixed. The contract now implements a receive() function that reverts with a clear error message "Direct ETH transfers not allowed. Use mint() function.", preventing accidental direct ETH transfers and potential permanent loss of funds.
