Submission Details
Severity: medium

Gas stipend for external call might be insufficient and lead to stuck ETH

Summary

There is a gas stipend of 3000, but this might not be enough in some cases as some smart contract recipients need more than 3000 gas to receive ETH.

Vulnerability Details

The Fees.sol file contains the following code:

    ISwapRouter.ExactInputSingleParams memory params = ISwapRouter
        .ExactInputSingleParams({
            tokenIn: _profits,
            tokenOut: WETH,
            fee: 3000,
            recipient: address(this),
            deadline: block.timestamp,
            amountIn: amount,
            amountOutMinimum: 0,
            sqrtPriceLimitX96: 0
        });

    amount = swapRouter.exactInputSingle(params);
    IERC20(WETH).transfer(staking, IERC20(WETH).balanceOf(address(this)));

As you can see, there is a gas stipend of 3000, but this might not be enough in some cases, as some smart contract recipients need more than 3000 gas to receive ETH.

Examples of problematic recipients:

1. Recipient is a smart contract that has a payable fallback method which uses more than 3000 gas.

2. Recipient is a smart contract that has a payable fallback function that needs less than 3000 gas but is called through a proxy, raising the call's gas usage above 3000.

Additionally, using higher than 3000 gas might be mandatory for some multi-sig wallets.

Impact

Some recipients will lose access to all of their profit ETH from protocols that are integrated with Beedle. This requires a special type of recipient, so it is Medium severity.

Tools Used

Manual Test

Recommendations

At least doubling the gas stipend should help in most scenarios, but consider dynamic configuration options for it as well.
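
The failure mode and the "dynamic configuration" recommendation above, as an added Solidity example that is not code from Fees.sol or from the submission. The quoted snippet does not show an ETH send with a gas limit, so both contracts and all their names are hypothetical; the sketch assumes a push payment with an owner-settable stipend and a pull-based fallback so that a failed send is deferred instead of stuck.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;

// Added illustration only; all names below are hypothetical.

/// Recipient of the first kind listed above: its receive() writes storage.
contract StorageWritingRecipient {
    uint256 public received;

    receive() external payable {
        // A first write to an empty storage slot costs over 20,000 gas,
        // far more than a stipend of 3000.
        received += msg.value;
    }
}

/// Payout contract with a configurable stipend and a claim() fallback.
contract ConfigurableStipendPayout {
    address public immutable owner;
    uint256 public gasStipend = 3000;            // value discussed in the report
    uint256 public totalPending;                 // ETH reserved for deferred payouts
    mapping(address => uint256) public pending;  // deferred amount per recipient

    event PayoutDeferred(address indexed to, uint256 amount);

    constructor() payable { owner = msg.sender; }

    function setGasStipend(uint256 newStipend) external {
        require(msg.sender == owner, "not owner");
        gasStipend = newStipend;
    }

    /// Push payment. If the recipient runs out of gas the call returns false
    /// and the amount is recorded for a later claim instead of being lost.
    function pay(address to, uint256 amount) external {
        require(msg.sender == owner, "not owner");
        require(address(this).balance - totalPending >= amount, "insufficient");
        (bool ok, ) = to.call{value: amount, gas: gasStipend}("");
        if (!ok) {
            pending[to] += amount;
            totalPending += amount;
            emit PayoutDeferred(to, amount);
        }
    }

    /// Pull fallback: the recipient claims and all remaining gas is forwarded.
    function claim() external {
        uint256 amount = pending[msg.sender];
        require(amount > 0, "nothing pending");
        pending[msg.sender] = 0;                 // state change before the call
        totalPending -= amount;
        (bool ok, ) = msg.sender.call{value: amount}("");
        require(ok, "claim failed");
    }
}
```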
