From c3392144e2fe74d1821a2e11f40b175c200bf706 Mon Sep 17 00:00:00 2001
From: Kenneth <5520036+canychan@users.noreply.github.com>
Date: Mon, 11 May 2026 19:16:36 -0700
Subject: [PATCH] security: fix floating pragma, zero-address validation, and ETH recovery
---
 contracts/src/Sandwich.sol | 9 ++++++++-
 contracts/src/lib/SafeTransfer.sol | 2 +-
 2 files changed, 9 insertions(+), 2 deletions(-)
diff --git a/contracts/src/Sandwich.sol b/contracts/src/Sandwich.sol
index 23aa9c7..b8ddba1 100644
--- a/contracts/src/Sandwich.sol
+++ b/contracts/src/Sandwich.sol
@@ -1,6 +1,6 @@
 // SPDX-License-Identifier: MIT
-pragma solidity >=0.8.0;
+pragma solidity 0.8.19;
 import "./interface/IERC20.sol";
 import "./lib/SafeTransfer.sol";
@@ -21,9 +21,16 @@ contract Sandwich {
 receive() external payable {}
 constructor(address _owner) {
+ require(_owner != address(0), "Invalid owner");
 user = _owner;
 }
+ function recoverETH() public {
+ require(msg.sender == user, "shoo");
+ (bool s, ) = msg.sender.call{value: address(this).balance}(new bytes(0));
+ require(s, "ETH transfer failed");
+ }
+
 // *** Receive profits from contract *** //
 function recoverERC20(address token) public {
 require(msg.sender == user, "shoo");
diff --git a/contracts/src/lib/SafeTransfer.sol b/contracts/src/lib/SafeTransfer.sol
index 2ffbdb2..88713b5 100644
--- a/contracts/src/lib/SafeTransfer.sol
+++ b/contracts/src/lib/SafeTransfer.sol
@@ -1,6 +1,6 @@
 // SPDX-License-Identifier: MIT
-pragma solidity >=0.8.0;
+pragma solidity 0.8.19;
 import "../interface/IERC20.sol";
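Review bot: In the second Sandwich.sol hunk, `recoverETH()` is inserted above the existing `// *** Receive profits from contract *** //` banner, so the new withdrawal function sits outside the section that describes it while `recoverERC20` stays under it; moving it below the banner keeps the two owner-only recovery paths together. The function also has no NatSpec stating its contract, for example `/// @notice Sends the contract's entire ETH balance to user; reverts with "shoo" for any other caller.` Nothing visible in the hunk calls it internally, so `external` would be the narrower visibility, although `recoverERC20` is also `public` and matching it is a defensible consistency choice. The diffstat lists only the two contract files, so the unauthorized-caller revert and the new zero-address constructor revert appear to be untested by this patch. The body of `recoverERC20` and the rest of the contract continue outside the hunk.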