Tadle

Tadle
DeFi
30,000 USDC
View results
Submission Details
Severity: low
Invalid

Use of transfer()

Summary

Use of transfer() instead of call() to transfer eth.

Vulnerability Details

The TokenManager::withdrawfunction uses transfer() instead of call() to send Eth.

Found in - https://github.com/Cyfrin/2024-08-tadle/blob/04fd8634701697184a3f3a5558b41c109866e5f8/src/core/TokenManager.sol#L169

Impact

The payment of Ether to the intended parties may fail in the following cases:

  1. The smart contract receiving funds fails to implement the payable fallback function

  2. The fallback function receiving funds uses more than 2300 gas units

Tools Used

Manual Analysis

Recommendations

Use call() to send ether.

Updates

Lead Judging Commences

0xnevi Lead Judge 10 months ago
Submission Judgement Published
Invalidated
Reason: Known issue
Assigned finding tags:

[invalid] finding-TokenManager-withdraw-transfer-2300-gas

Invalid, known issues [Medium-2](https://github.com/Cyfrin/2024-08-tadle/issues/1)

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.