Submission Details
Severity:
function endGame()
Summary
endGame function uses transfer, to transfer the prize to the player.
Vulnerability Details
function endGame(address player, bool playerWon) internal {
delete playersDeck[player].playersCards; // Clear the player's cards
delete dealersDeck[player].dealersCards; // Clear the dealer's cards
delete availableCards[player]; // Reset the deck
if (playerWon) {
payable(player).transfer(2 ether); // Transfer the prize to the player
emit FeeWithdrawn(player, 2 ether); // Emit the prize withdrawal event
}
}
Impact
Transfer uses fixed 2300 gas which is too low, it may cause transfer to fail.
Tools Used
Manual Review
Recommendations
Use callinstead, is more flexible it allows to specify how much gas to forward to the recipient.
function endGame(address player, bool playerWon) internal {
delete playersDeck[player].playersCards; // Clear the player's cards
delete dealersDeck[player].dealersCards; // Clear the dealer's cards
delete availableCards[player]; // Reset the deck
if (playerWon) {
(bool success, ) = payable(player).call{value: prize}("");
require(success, "Transfer failed");
emit FeeWithdrawn(player, 2 ether); // Emit the prize withdrawal event
}
}
Rewards breakdown
nSLOC
147This contest has a flat reward structure with the following payouts:
100 EXP
20 EXP
2 EXP
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.