ETH Sent Directly to `LamboVEthRouter` is Permanently Locked
gajiknownnothing
Medium

Finding description and impact

In `LamboVEthRouter`, the `createLaunchPadAndInitialBuy()` and `buyQuote()` functions allow users to purchase tokens using ETH. However, the contract also includes a `receive()` function that permits direct ETH transfers. Any ETH sent directly to the contract is locked, as there is no functionality to manage such ETH or refund it to the sender.

Proof of Concept

The `receive()` function allows users to transfer ETH to the contract without calling a specific function.

ETH sent this way does not interact with `createLaunchPadAndInitialBuy()` or `buyQuote()` and remains unused within the contract. Without a mechanism to handle these funds, the ETH becomes permanently inaccessible.

Recommended mitigation steps

Remove the `receive()` function.
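
A minimal Solidity illustration of the finding and of the recommended fix, added here and not taken from the `LamboVEthRouter` source. The contract names, `buy()`, `pool` and the `0xdead` sink address are hypothetical stand-ins for the ETH-funded entry points and their destination.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Constructed stand-in, not the LamboVEthRouter source.
// Mitigated shape: ETH can only enter through a payable function that spends it.
contract RouterNoReceive {
    address payable public immutable pool; // hypothetical destination for purchase ETH

    constructor(address payable pool_) {
        pool = pool_;
    }

    // Stand-in for the ETH-funded purchase functions: msg.value is forwarded in full.
    function buy() external payable {
        (bool ok, ) = pool.call{value: msg.value}("");
        require(ok, "forward failed");
    }
    // No receive() and no payable fallback: a plain ETH transfer reverts.
}

// Reported shape: same contract plus a bare receive() and no way to move ETH out.
contract RouterWithReceive is RouterNoReceive {
    constructor(address payable pool_) RouterNoReceive(pool_) {}

    receive() external payable {} // plain transfers are accepted and then stranded
}

// Sends 1 wei to each variant as a plain transfer and reports what happened.
contract LockedEthCheck {
    function run() external payable
        returns (bool acceptedWith, uint256 stuckWei, bool acceptedWithout)
    {
        require(msg.value == 2, "send exactly 2 wei");
        address payable sink = payable(address(0xdead)); // constructed placeholder
        RouterWithReceive withRx = new RouterWithReceive(sink);
        RouterNoReceive noRx = new RouterNoReceive(sink);

        (acceptedWith, ) = address(withRx).call{value: 1}("");  // taken by receive()
        stuckWei = address(withRx).balance;                     // balance no function can move
        (acceptedWithout, ) = address(noRx).call{value: 1}(""); // rejected: nothing accepts it

        // Return the rejected wei so this checker does not strand funds itself.
        (bool refunded, ) = payable(msg.sender).call{value: address(this).balance}("");
        require(refunded, "refund failed");
    }
}
```

Calling `run()` with 2 wei shows the difference from the sender's side: the transfer to the variant with `receive()` succeeds and leaves a balance behind, while the variant without it reverts the transfer so the sender keeps the ETH.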

Links to affected code