DittoETH

Project: Ditto
Tags: DeFi, Foundry, Oracle
Prize pool: 55,000 USDC
Submission Details
Severity: medium
Invalid

Low-level calls

Summary

The use of low-level calls is error-prone. A low-level .call() neither checks that the target address has code nor reverts when the call fails; it only returns a success flag that the caller has to handle.

Vulnerability Details

The unstake function of BridgeReth.sol uses a low-level .call() to send Ether to the address to. It does not check whether to is a contract with code, and if it is, that contract's receive or fallback function runs arbitrary code when the Ether arrives.

Impact

In the unstake function of BridgeReth.sol, the Ether is sent with a .call() and the result is checked with assert(sent). Because .call() forwards all remaining gas, the recipient controls what happens inside the sub-call: if its receive or fallback function reverts or burns the forwarded gas, the sub-call returns false and the following assert(sent) reverts the whole unstake. The Ether itself is not lost, since a failed sub-call is rolled back together with the value it carried, but a recipient contract can make unstake impossible to complete for that address, and because the check is an assert rather than a require the failure surfaces as a Panic instead of a descriptive error.

Tools Used

Manual code review

Recommendations

Use a higher-level transfer primitive such as .transfer() or .send(). These forward only a 2300-gas stipend, so the receiving contract cannot run arbitrary logic on the caller's gas.
Line 105 in BridgeReth.sol can be changed to to.transfer(netBalance).
This reverts automatically if the transfer fails, rolling back all changes made in the current call frame, so the explicit success check becomes unnecessary.
Caveat: the 2300-gas stipend cuts both ways. A recipient whose receive or fallback reverts still makes unstake revert, and since the EIP-1884 opcode repricing 2300 gas is not enough for legitimate contract recipients (multisigs, proxies, anything that writes storage on receipt), which is why .transfer() and .send() are now generally discouraged. If the goal is that no recipient can block unstake, record the amount owed and let the recipient withdraw it in a separate call (pull payment) instead of pushing Ether in the same transaction.
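The behaviour described above, as an added Foundry test (example code written for this page, not DittoETH's BridgeReth): the contracts PushCallBridge, TransferBridge, PullBridge, RevertingReceiver and AccountingReceiver are hypothetical stand-ins for the pattern in the finding. The tests show that a reverting recipient blocks the .call()/assert version and the .transfer() version alike, that .transfer() additionally breaks a benign contract recipient that writes storage on receipt, and that a pull-payment unstake cannot be blocked by the recipient at all.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Foundry test (forge-std). Every contract here is a hypothetical stand-in
// written for this example; none of it is DittoETH's BridgeReth code.
import {Test} from "forge-std/Test.sol";

// Push payment with a low-level call, the pattern the finding describes:
// all remaining gas is forwarded and the success flag is checked with assert.
contract PushCallBridge {
    function unstake(address to, uint256 netBalance) external {
        (bool sent,) = to.call{value: netBalance}("");
        assert(sent); // false -> Panic(0x01); the whole unstake reverts
    }
    receive() external payable {}
}

// The finding's recommendation: transfer() forwards only a 2300-gas stipend
// and reverts on its own if the send fails.
contract TransferBridge {
    function unstake(address payable to, uint256 netBalance) external {
        to.transfer(netBalance);
    }
    receive() external payable {}
}

// Pull payment: unstake only records the credit; the recipient withdraws
// later, so nothing the recipient does can make unstake itself revert.
contract PullBridge {
    mapping(address => uint256) public owed;

    function unstake(address to, uint256 netBalance) external {
        owed[to] += netBalance;
    }

    function withdraw() external {
        uint256 amount = owed[msg.sender];
        owed[msg.sender] = 0; // effects before interaction (reentrancy-safe)
        (bool ok,) = msg.sender.call{value: amount}("");
        require(ok, "withdraw failed");
    }
    receive() external payable {}
}

// A recipient that refuses Ether outright.
contract RevertingReceiver {
    receive() external payable { revert("no thanks"); }
}

// A benign recipient that writes storage on receipt (costs far more than 2300 gas).
contract AccountingReceiver {
    uint256 public received;
    receive() external payable { received += msg.value; }
}

contract UnstakeTest is Test {
    function testCallRevertsOnRefusingRecipient() public {
        PushCallBridge b = new PushCallBridge();
        vm.deal(address(b), 1 ether);
        address to = address(new RevertingReceiver());

        vm.expectRevert(); // assert(sent) fails; the sub-call was rolled back
        b.unstake(to, 1 ether);
        assertEq(address(b).balance, 1 ether); // nothing left the bridge
    }

    function testTransferStillRevertsOnRefusingRecipient() public {
        TransferBridge b = new TransferBridge();
        vm.deal(address(b), 1 ether);
        address payable to = payable(address(new RevertingReceiver()));

        vm.expectRevert(); // transfer() reverts too; the recipient can still block it
        b.unstake(to, 1 ether);
    }

    function testTransferBreaksBenignContractRecipient() public {
        TransferBridge b = new TransferBridge();
        vm.deal(address(b), 1 ether);
        address payable to = payable(address(new AccountingReceiver()));

        vm.expectRevert(); // 2300 gas cannot cover the SLOAD+SSTORE in receive()
        b.unstake(to, 1 ether);
    }

    function testPullPatternIsolatesUnstakeFromRecipient() public {
        PullBridge b = new PullBridge();
        vm.deal(address(b), 1 ether);
        address to = address(new RevertingReceiver());

        b.unstake(to, 1 ether); // succeeds whatever the recipient does
        assertEq(b.owed(to), 1 ether);
    }
}
```

Run with forge test in a project that has forge-std installed. The third test is the practical argument against the .transfer() recommendation: the same stipend that stops a malicious recipient from running logic also stops an ordinary contract wallet from receiving its funds.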

Updates

Lead Judging Commences

0xnevi Lead Judge
over 1 year ago
Submission Judgement Published
Invalidated
Reason: User input validation
