TwentyOne

First Flight #29
Beginner Friendly, GameFi, Foundry, Solidity
100 EXP
Submission Details
Severity: low
Invalid

Using transfer Instead of call May Prevent Interaction with Some Contracts

Summary

Vulnerability Details

Using transfer() to send ETH forwards only a fixed 2300 gas stipend, so the transaction fails when the recipient is a contract whose receive or fallback function requires more than 2300 gas. This limitation can cause failures when interacting with such contracts, leading to a poor user experience and potential loss of funds.
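
The stipend failure described above, as an added example that is not code from the TwentyOne contract or from the submission. CountingWallet, PayoutDemo and all of their functions are hypothetical names; the demo assumes PayoutDemo is deployed with at least 2 wei.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Hypothetical recipient: its receive() writes to storage, which cannot
// execute inside the 2300 gas stipend that transfer() forwards.
contract CountingWallet {
    uint256 public deposits;

    receive() external payable {
        deposits += 1;
    }
}

// Hypothetical payer that sends the same amount with both payout styles.
contract PayoutDemo {
    bool private locked;

    modifier nonReentrant() {
        require(!locked, "reentrant call");
        locked = true;
        _;
        locked = false;
    }

    modifier onlySelf() {
        require(msg.sender == address(this), "demo only");
        _;
    }

    constructor() payable {}

    // Fixed 2300 gas stipend: the storage write in the recipient runs out of gas.
    function payWithTransfer(address payable to, uint256 amount) external onlySelf {
        to.transfer(amount);
    }

    // Forwards the remaining gas, so the result is checked and the call is guarded.
    function payWithCall(address payable to, uint256 amount) external onlySelf nonReentrant {
        (bool success, ) = to.call{value: amount}("");
        require(success, "ETH transfer failed");
    }

    // Runs both payouts against a fresh CountingWallet and reports which one went through.
    function demo() external returns (bool transferOk, bool callOk) {
        require(address(this).balance >= 2 wei, "fund the demo first");
        CountingWallet w = new CountingWallet();
        try this.payWithTransfer(payable(address(w)), 1 wei) { transferOk = true; } catch {}
        try this.payWithCall(payable(address(w)), 1 wei) { callOk = true; } catch {}
    }
}
```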

Impact

Contracts that require more than 2300 gas to process transactions will cause withdrawals to fail permanently, locking funds in the contract and preventing the contract owner from accessing their fees.

Tools Used

Manual Review

Recommendations

To mitigate this, replace transfer() with call() to send Ether and ensure compatibility with contracts requiring more gas, while also adding reentrancy guards:

function endGame(address player, bool playerWon) internal {
delete playersDeck[player].playersCards; // Clear the player's cards
delete dealersDeck[player].dealersCards; // Clear the dealer's cards
delete availableCards[player]; // Reset the deck
if (playerWon) {
- payable(player).transfer(2 ether); // Transfer the prize to the player
+ (bool success,) = payable(player).call{value: 2 ether}("");
+ require(success);
emit FeeWithdrawn(player, 2 ether); // Emit the prize withdrawal event
}
}
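
Review bot: the recommendation text promises reentrancy guards, but the added lines in endGame only swap in the call and a bare require(success); no guard appears anywhere in the change. The three delete statements do run before the call, so the player's state is cleared before the external interaction, but emit FeeWithdrawn(player, 2 ether) still runs after it. Suggest moving the emit above the call, giving the require a revert reason such as require(success, "Prize transfer failed"), and, if a guard is intended, adding a nonReentrant-style modifier on the external functions that reach this internal endGame. Note also that require(success) still reverts endGame when the player's contract rejects the payment, so a reverting recipient is not handled by this change.
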
Updates

Lead Judging Commences

inallhonesty Lead Judge about 1 year ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
