Locked Ether
Detects contracts that can receive ETH but have no mechanism to withdraw or transfer it, permanently trapping funds.
Locked Ether
Overview
The locked ether detector identifies contracts that can receive ETH (via payable functions, receive(), or fallback()) but have no function capable of sending ETH out. Any ETH sent to these contracts is permanently locked.
Why This Is an Issue
Contracts without withdrawal mechanisms permanently trap all ETH sent to them. This includes accidental sends, coinbase rewards, and selfdestruct-forced transfers. Hundreds of ETH are estimated to be locked in contracts across Ethereum mainnet.
Detection Methodology
- ETH intake detection: Identifies
payablefunctions,receive(), andpayable fallback(). - ETH output detection: Scans for CALL opcodes with non-zero value,
transfer(),send(), andselfdestruct. - Locked identification: Reports contracts with intake but no output mechanism.
Examples
Sample Sigvex Output
{
"detector_id": "locked-ether",
"severity": "low",
"confidence": 0.95,
"description": "Contract has payable receive() function but no function sends ETH (no CALL with value, no transfer, no selfdestruct). All received ETH is permanently locked.",
"location": { "function": "receive()", "offset": 0 }
}Related Detectors
- Ether Balance — ETH balance assumptions
- Payable Fallback — payable fallback without withdrawal