Gas stipend for external call might be insufficient and lead to stuck ETH
Summary
There is a gas stipend of 3000, but this might not be enough in some cases as some smart contract recipients need more than 3000 gas to receive ETH.
Vulnerability Details
The Fees.sol file contains the following code:
ISwapRouter.ExactInputSingleParams memory params = ISwapRouter
.ExactInputSingleParams({
tokenIn: _profits,
tokenOut: WETH,
fee: 3000,
recipient: address(this),
deadline: block.timestamp,
amountIn: amount,
amountOutMinimum: 0,
sqrtPriceLimitX96: 0
});
amount = swapRouter.exactInputSingle(params);
IERC20(WETH).transfer(staking, IERC20(WETH).balanceOf(address(this)));
As you see, there is a gas stipend of 3000, but this might not be enough in some cases as some smart contract recipients need more than 3000 gas to receive ETH.
Examples of problematic recipients:
1.Recipient is a smart contract that has a payable fallback method which uses more than 3000 gas.
2.Recipient is a smart contract that has a payable fallback function that needs less than 3000 gas but is called through a proxy, raising the call's gas usage above 3000.
Additionally, using higher than 3000 gas might be mandatory for some multi-sig wallets.
Impact
Some recipients will lose access to all of their profit ETH from protocols that are integrated with beedle. This requires a special type of recipient, so it is Medium severity.
Tools Used
Manual Test
Recommendations
At least doubling down the gas stipend should help in most scenarios, but maybe think about dynamic configuration options for it as well.
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.