TwentyOne
First Flight #29
Beginner FriendlyGameFiFoundrySolidity
100 EXP
View results
Previous Next
Submission Details
Severity: low
Invalid

Use `transfer` instead of the `call` function.

oxenzo

Description:

https://github.com/Cyfrin/2024-11-TwentyOne/blob/a4429168302722d14a5e5996d25d6fc5be22a899/src/TwentyOne.sol#L170

The contract uses transfer to send Ether, which can lead to issues since transfer imposes a gas limit of 2300, which might not be sufficient if the recipient is a contract with complex logic in its fallback or receive functions. This can cause transactions to fail unexpectedly.

Impact:

Using transfer can cause transactions to fail if the recipient's fallback or receive function requires more than 2300 gas, leading to potential denial-of-service scenarios and reduced compatibility with certain contracts.

Tools Used:

Manual Review.

Recommended Mitigation:

Replace transfer with call to send Ether. This allows the recipient to receive more gas and avoids unexpected failures.

function endGame(address player, bool playerWon) internal {
delete playersDeck[player].playersCards;
delete dealersDeck[player].dealersCards;
delete availableCards[player];
if (playerWon) {
- payable(player).transfer(2 ether); // Transfer the prize to the player
+ (bool success, ) = payable(player).call{value: 2 ether}("");
emit FeeWithdrawn(player, 2 ether); // Emit the prize withdrawal event
}
}
Updates

Lead Judging Commences

inallhonesty Lead Judge 9 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.