Contract is using deprecated send() function
Summary
The use of send in the unstake function may lead to failures when interacting with contracts that require more than 2300 gas for their fallback functions or when used with multisig wallets.
Vulnerability Details
The send function only forwards 2300 gas, which is often insufficient for contracts that have complex fallback functions or require more gas to process transactions. This can result in failed withdrawals if the recipient is a smart contract with receive function that exceeds this gas limit.
Impact
If the recipient address is a contract with a complex fallback function, the transaction may fail, causing user withdrawals to be unsuccessful. This can disrupt users' ability to retrieve their funds and might affect contracts that use more than 2300 gas, including some multisig wallets.
Tools Used
Manual Review
Recommendations
Use `call()` to prevent potential gas issues.
Lead Judging Commences
Usage of send is not the best thing
Appeal created
Usage of send is not the best thing
Rewards breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.