Tadle
Tadle
DeFiFoundry
27,750 USDC
View results
Previous Next
Submission Details
Severity: low
Invalid

Possible transfer dos because of out-of-gas

jennifersun

Summary

When TokenManager transfers Ether to the receiver, the transfer may be reverted because the 2300 gas may be run out if the receiver is one AA account or contract, and there is some logic when they receive Ether.

Vulnerability Details

When traders want to withdraw Ether, the contract will use transfer to transfer tokens to the trader. Considering that there is one 2300 gas limit for transfer() function , the transfer() might be reverted if the trader account is one AA account or one contract.

function withdraw(
address _tokenAddress,
TokenBalanceType _tokenBalanceType
) external whenNotPaused {
...
if (_tokenAddress == wrappedNativeToken) {
_transfer(
wrappedNativeToken,
capitalPoolAddr,
address(this),
claimAbleAmount,
capitalPoolAddr
);
@=> payable(msg.sender).transfer(claimAbleAmount);
}
}

Impact

The traders may not withdraw the ether because of out-of-gas revert.

Tools Used

Manual

Recommendations

Suggest using low-level call and check the return value.

Updates

Lead Judging Commences

0xnevi Lead Judge over 1 year ago
Submission Judgement Published
Invalidated
Reason: Known issue
Assigned finding tags:

[invalid] finding-TokenManager-withdraw-transfer-2300-gas

Invalid, known issues [Medium-2](https://github.com/Cyfrin/2024-08-tadle/issues/1)

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.

Give us feedback!