The unstake
function uses the send
method to transfer ETH, which may fail if the recipient address is a contract that does not accept ETH transfers.
In the unstake
function :
The send
method attempts to transfer ETH to the address specified by _to
. In Vyper, if the recipient address is a contract, and this contract does not include a __default__(_name: type)
external payable function to handle incoming ETH (which is invoked when ETH is sent to the contract), the transfer will fail. Contracts that do not have this function will not be able to accept ETH, leading to a failed transaction when using send.
If the recipient address is a contract without a proper __default__
function or equivalent to accept ETH, the transaction will fail. This can result in the failure of unstaking operations and potential loss of ETH, as the transfer cannot be completed.
Manual Code Review
To ensure reliable ETH transfers in the unstake function, first, implement a check to verify if the recipient address is a contract and ensure that it can handle ETH transfers. Before executing the transfer, capture the contract's ETH balance, and then perform the transfer. Afterward, verify that the contract's balance has decreased by the exact amount transferred. This process helps confirm that the transfer was successful and that the recipient can handle ETH, reducing the risk of failed transactions or lost funds.
The contest is live. Earn rewards by submitting a finding.
This is your time to appeal against judgements on your submissions.
Appeals are being carefully reviewed by our judges.