TwentyOne

First Flight #29
Beginner Friendly, GameFi, Foundry, Solidity
100 EXP
Submission Details
Severity: low
Invalid

gas-limited transfer in `endGame()`

Summary

The endGame() function brings the game to a close by sending ether to the winner's address. It does so using the transfer method, which has a 2300 gas stipend limit.

Vulnerability Details

On line 170 of the TwentyOne.sol contract, where the ether prize is transferred to the winner, the transfer method is used. This is not best practice, as it has a 2300 gas stipend limit.

Impact

transfer() has a hard gas limit of 2300 gas, which means that transactions requiring gas above the 2300 limit fail. This can be seen in cases where the recipient address is a smart contract wallet (like Gnosis Safe), which typically requires more than 2300 gas to process incoming ETH.

Tools Used

Manual Review

Recommendations

The endGame() function should be modified so that it uses the call method to transfer ether to the winner's address.

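```solidity
function endGame(address player, bool playerWon) internal {
    // State is cleared before the external call (checks-effects-interactions)
    delete playersDeck[player].playersCards; // Clear the player's cards
    delete dealersDeck[player].dealersCards; // Clear the dealer's cards
    delete availableCards[player]; // Reset the deck
    if (playerWon) {
        // call forwards all remaining gas; its return value must be checked
        (bool success, ) = payable(player).call{value: 2 ether}(""); // Transfer the prize to the player
        require(success, "Prize transfer failed");
        emit FeeWithdrawn(player, 2 ether); // Emit the prize withdrawal event
    }
}
```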
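The failure mode described under Impact, shown beside the checked call form, as an added example that is not part of the original submission or of TwentyOne.sol. `StorageWritingWallet`, `PayoutDemo` and their functions are hypothetical names constructed for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Constructed recipient: its receive() writes to storage, which cannot
// execute inside the 2300 gas forwarded by transfer().
contract StorageWritingWallet {
    uint256 public deposits;

    receive() external payable {
        deposits += 1; // SSTORE needs more than the 2300 gas stipend
    }
}

// Hypothetical payout contract (an assumption for this example).
contract PayoutDemo {
    address private immutable owner;

    event PrizePaid(address indexed winner, uint256 amount, bool viaCall);

    constructor() payable {
        owner = msg.sender; // fund the contract at deployment
    }

    modifier onlyOwner() {
        require(msg.sender == owner, "not owner");
        _;
    }

    // Before: reverts when `winner` is a StorageWritingWallet, because
    // transfer() forwards only 2300 gas and bubbles up the failure.
    function payWithTransfer(address winner, uint256 amount) external onlyOwner {
        payable(winner).transfer(amount);
        emit PrizePaid(winner, amount, false);
    }

    // After: call forwards the remaining gas; the boolean result is
    // checked so a failed payout reverts instead of passing silently.
    function payWithCall(address winner, uint256 amount) external onlyOwner {
        (bool ok, ) = payable(winner).call{value: amount}("");
        require(ok, "prize transfer failed");
        emit PrizePaid(winner, amount, true);
    }
}
```

With both contracts deployed, `payWithTransfer` to the wallet reverts while `payWithCall` with the same arguments succeeds and increments `deposits`.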
Updates

Lead Judging Commences

inallhonesty Lead Judge 11 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
