TwentyOne

First Flight #29
Beginner FriendlyGameFiFoundrySolidity
100 EXP
View results
Submission Details
Severity: low
Invalid

transfer() depreciated for eth transfers

Summary

The TwentyOne Contract uses the transfer method to send ETH in the endGame function to the winner:
TwentyOne L#170

Vulnerability Details

transfer() is not recommended to use as it has a set gas stipend. If the user is a contract that has a fallback function that consumes more than the gas stipend, the user will not receive the funds. (such as a Safe multisig).

Impact

The owner may not receive the payout.

Tools Used

manual code review/grep


Recommendations

Consider using the send or call functions to send the payout to the winner.

Updates

Lead Judging Commences

inallhonesty Lead Judge 7 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity

Appeal created

lcfr Submitter
7 months ago
inallhonesty Lead Judge
7 months ago
inallhonesty Lead Judge 7 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.