Potential ETH Transfer Failure in TwentyOne::endGame Due to Fixed Gas Limit
Summary
The use of the transfer function in TwentyOne::endGame for ETH transfers may fail due to its fixed 2300 gas limit.
Vulnerability Details
In the endGame function of the TwentyOne contract, ETH rewards are sent to winning players using the transfer function. However, the fixed 2300 gas limit imposed by transfer may cause transactions to fail when interacting with certain smart contract wallets, which require more than 2300 gas for their receive functions. In such cases, the entire game transaction will revert, preventing players from receiving their rightful rewards.
Impact
This issue can lead to the following significant consequences:
Smart Contract Wallet Incompatibility: Players using smart contract wallets may be unable to receive rewards, leading to a poor gaming experience.
Gas Loss for Players: Transaction reverts result in players losing gas fees without receiving their winnings.
Reduced Interoperability: The limitation reduces the contract's ability to interact with other smart contracts, narrowing its potential user base.
Tools Used
Foundry
Recommendations
Replace the transfer function with the more flexible call method for ETH transfers. This approach allows for dynamically adjusting gas limits and ensures compatibility with a wider range of wallets.
Rewards breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.