TwentyOne

First Flight #29
Beginner Friendly, GameFi, Foundry, Solidity
100 EXP
Submission Details
Severity: low
Invalid

Insecure Use of transfer in endGame Function

Summary

The endGame function uses the transfer method to send ETH to the winner. transfer() was commonly used in earlier versions of Solidity for its simplicity and automatic reentrancy protection. However, it is now considered potentially problematic because of its fixed gas limit of 2300.

Vulnerability Details

The transfer method forwards a fixed 2300 gas to the recipient, which is typically sufficient only for simple ETH transfers. If the recipient is a contract that requires more gas to process the incoming ETH (e.g., due to fallback functions or complex logic), the transfer fails and reverts the entire transaction.

Impact

If the transfer fails, the entire prize distribution process is reverted, leaving the player without a reward.

Tools Used

Manual code review.

Recommendations

Utilize the call method to send ETH, allowing for dynamic gas management and better handling of transfer outcomes.

    function endGame(address player, bool playerWon) internal {
        delete playersDeck[player].playersCards; // Clear the player's cards
        delete dealersDeck[player].dealersCards; // Clear the dealer's cards
        delete availableCards[player]; // Reset the deck
        if (playerWon) {
            // State is cleared above, before the external call, because
            // call forwards all remaining gas to the recipient.
            (bool success, ) = player.call{value: 2 ether}("");
            require(success, "Transfer failed.");
            emit FeeWithdrawn(player, 2 ether); // Emit the prize withdrawal event
        }
    }
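The failure mode described above can be reproduced with a recipient whose receive() does more than accept ETH. The following is an added example, not code from the submission or from the TwentyOne contract; the contract names RecordingWinner and PayoutDemo, their functions, and the 1 ether amount are hypothetical.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Hypothetical recipient: its receive() writes storage, which costs more
// than the 2300 gas that transfer() forwards.
contract RecordingWinner {
    uint256 public received;

    receive() external payable {
        received += msg.value; // SSTORE cannot execute within 2300 gas
    }
}

// Hypothetical payer showing both payout styles side by side.
// Fund it at deployment so it can pay out.
contract PayoutDemo {
    mapping(address => bool) public paid;

    constructor() payable {}

    // Reverts when winner is a RecordingWinner: the callee runs out of
    // gas and transfer() propagates the failure, so the whole
    // transaction (including the paid flag) is rolled back.
    function payWithTransfer(address payable winner) external {
        require(!paid[winner], "already paid");
        paid[winner] = true;
        winner.transfer(1 ether);
    }

    // Succeeds for a RecordingWinner: call forwards the remaining gas.
    // The callee can therefore re-enter, so the paid flag is set before
    // the external call and the return value is checked explicitly.
    function payWithCall(address winner) external {
        require(!paid[winner], "already paid");
        paid[winner] = true;
        (bool success, ) = winner.call{value: 1 ether}("");
        require(success, "Transfer failed.");
    }
}
```

For an externally owned account both functions behave the same; the difference only appears when the recipient is a contract with logic in receive() or fallback().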
Updates

Lead Judging Commences

inallhonesty Lead Judge 7 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
