Summary

The unstake function relies on the send method, which can fail when interacting with contracts that require more than 2300 gas for their fallback functions or when dealing with multisig wallets.

Vulnerability Details

The send function limits the gas forwarded to 2300, which may not be enough for contracts with complex fallback functions or higher gas requirements for transaction processing. This can lead to failed withdrawals if the recipient is a smart contract with a receive function that exceeds this gas limit.

Impact

If the recipient is a contract with a complex fallback function, the transaction could fail, preventing users from successfully withdrawing their funds. This issue particularly affects contracts needing more than 2300 gas, including certain multisig wallets, potentially disrupting user access to their assets.

Tools Used

Manual Code Review

Recommendations

Consider using the call() function instead to avoid potential gas limitation issues and ensure successful fund withdrawals.