Tadle

DeFi
30,000 USDC
Submission Details
Severity: low
Invalid

Using transfer() function for ETH transfers will revert if the receiver implements receive() function

Summary

In the `TokenManager` contract, the `transfer()` function is used by the protocol to transfer ETH to the `msg.sender` when he calls `withdraw()`. The problem is that this function will revert if more than 2300 gas was used and if the `msg.sender` is a smart contract that implements `receive()` functionality, the transaction will revert.

Vulnerability Details

Take a look at the `withdraw()` functionality in the `TokenManager` smart contract:

https://github.com/Cyfrin/2024-08-tadle/blob/main/src/core/TokenManager.sol#L168-169

```solidity
IWrappedNativeToken(wrappedNativeToken).withdraw(claimAbleAmount);
payable(msg.sender).transfer(claimAbleAmount);
```

The problem here is that the protocol uses `transfer()` to transfer ETH. And if the `msg.sender` is a smart contract that implements `receive()` functionality, the call will use more than 2300 gas and that will lead to tx revert.

Impact

The transaction for the user will revert and it will not be possible to withdraw ETH.

Tools Used

Manual review.

Recommendations

Use `call()` instead of `transfer()`.
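The recommendation above, sketched as an added example that is not part of the original submission or of Tadle's code. The contract names, the `claimable` mapping, and the recipient contract are hypothetical and constructed for illustration; the wrapped-native-token unwrap step from `TokenManager` is omitted.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added illustration; not Tadle's TokenManager. All names are hypothetical.
contract WithdrawSketch {
    mapping(address => uint256) public claimable; // assumed accounting

    error NothingToClaim();
    error NativeTransferFailed();

    function deposit() external payable {
        claimable[msg.sender] += msg.value;
    }

    // Pattern from the finding: transfer() forwards a fixed 2300 gas stipend,
    // so a recipient whose receive() needs more gas makes the whole call revert.
    function withdrawWithTransfer() external {
        uint256 amount = claimable[msg.sender];
        if (amount == 0) revert NothingToClaim();
        claimable[msg.sender] = 0;
        payable(msg.sender).transfer(amount);
    }

    // Recommended form: call() forwards the remaining gas. Because the recipient
    // can now run arbitrary code, state is cleared before the external call
    // (checks-effects-interactions) and the returned success flag is checked.
    function withdrawWithCall() external {
        uint256 amount = claimable[msg.sender];
        if (amount == 0) revert NothingToClaim();
        claimable[msg.sender] = 0;
        (bool ok, ) = payable(msg.sender).call{value: amount}("");
        if (!ok) revert NativeTransferFailed();
    }
}

// Constructed recipient: its receive() writes storage, which costs more than 2300 gas.
contract StorageWritingReceiver {
    uint256 public received;
    WithdrawSketch public immutable target;

    constructor(WithdrawSketch _target) { target = _target; }

    receive() external payable { received += msg.value; }

    function fund() external payable { target.deposit{value: msg.value}(); }
    function pullWithTransfer() external { target.withdrawWithTransfer(); } // reverts
    function pullWithCall() external { target.withdrawWithCall(); }         // succeeds
}
```

Switching to `call()` removes the gas cap, so the balance update must stay ahead of the external call or the function needs a reentrancy guard.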

Updates

Lead Judging Commences

0xnevi Lead Judge 10 months ago
Submission Judgement Published
Invalidated
Reason: Known issue
Assigned finding tags:

[invalid] finding-TokenManager-withdraw-transfer-2300-gas

Invalid, known issues [Medium-2](https://github.com/Cyfrin/2024-08-tadle/issues/1)
