Submission Details
Severity:
transfer() is deprecated and should not be used to transfer Ether
Summary
In withdrawFees(), transfer() is used to send ether to the owner. This is not recommended as transfer() sends a fixed gas of 2300 and is deprecated, which may not be sufficient in the future if the EVM gas costs changes. This will cause the funds in the contract to be stucked.
Vulnerability Details
function withdrawFees() public onlyOwner {
uint256 balance = address(this).balance;
-> payable(owner()).transfer(balance);
emit FeeWithdrawn(owner(), balance);
}
Impact
Tools Used
Recommendations
transfer() has been deprecated and call() should be used instead.
function withdrawFees() public onlyOwner {
uint256 balance = address(this).balance;
- payable(owner()).transfer(balance);
+ (bool success,) = payable(owner()).call{value: balance}("");
+ require(success);
emit FeeWithdrawn(owner(), balance);
}
Updates
Appeal created
bube 8 months ago
Submission Judgement Published Assigned finding tags:
Use of `transfer` instead of `call`
Rewards breakdown
nSLOC
109This contest has a flat reward structure with the following payouts:
100 EXP
20 EXP
2 EXP
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.