Christmas Dinner

First Flight #31
Beginner Friendly, Foundry, Solidity
100 EXP
Submission Details
Severity: medium
Valid

Various use of "transfer" opcode to send ETH

Description:
When refunding ETH, the .transfer opcode is used to send the ETH, which forwards a fixed amount of 2300 gas. This is dangerous for two reasons:

  1. Gas costs of EVM instructions may change significantly during hard forks, which can break contracts that previously assumed fixed gas costs. EIP 1884, for example, broke several existing smart contracts due to a cost increase of the SLOAD instruction.

  2. If the recipient is a contract or a multisig safe with a receive/fallback function that requires more than 2300 gas (e.g. safes that execute extra logic in the receive/fallback function), the transfer function will always fail for them due to out-of-gas errors.
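
The second failure mode above, as a Foundry test added here for illustration (not code from the audited contract or from the submission). LoggingWallet, RefundDemo and their function names are hypothetical, and forge-std is assumed to be installed.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import {Test} from "forge-std/Test.sol";

// Constructed example: all contract and function names are hypothetical.
// Recipient whose receive() writes storage; an SSTORE cannot run on the 2300 gas stipend.
contract LoggingWallet {
    uint256 public deposits;
    receive() external payable { deposits += 1; }
}

contract RefundDemo {
    mapping(address => uint256) public etherBalance;

    function depositFor(address to) external payable {
        etherBalance[to] += msg.value;
    }

    // transfer() forwards only 2300 gas, so a recipient like LoggingWallet reverts.
    function refundWithTransfer(address payable to) external {
        uint256 refundValue = etherBalance[to];
        etherBalance[to] = 0;
        to.transfer(refundValue);
    }

    // call forwards the remaining gas; the balance is zeroed first (CEI).
    function refundWithCall(address payable to) external {
        uint256 refundValue = etherBalance[to];
        etherBalance[to] = 0;
        (bool success, ) = to.call{value: refundValue}("");
        require(success, "Call fail");
    }
}

contract RefundDemoTest is Test {
    function test_transferReverts_callSucceeds() public {
        RefundDemo demo = new RefundDemo();
        LoggingWallet wallet = new LoggingWallet();
        vm.deal(address(this), 1 ether);
        demo.depositFor{value: 1 ether}(address(wallet));
        vm.expectRevert(); // out of gas inside receive() bubbles up as a revert
        demo.refundWithTransfer(payable(address(wallet)));
        // The revert rolled the balance back, so the same refund can be retried via call.
        demo.refundWithCall(payable(address(wallet)));
        assertEq(address(wallet).balance, 1 ether);
        assertEq(wallet.deposits(), 1);
    }
}
```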

Recommended Mitigation: Use the ".call" opcode instead, and follow CEI (checks-effects-interactions) to avoid re-entrancy attacks.

function _refundETH(address payable _to) internal {
uint256 refundValue = etherBalance[_to];
+ etherBalance[_to] = 0;
+ (bool success, ) = _to.call{value: refundValue}("");
- _to.transfer(refundValue);
+ require(success, "Call fail");
- etherBalance[_to] = 0;
}
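
Review bot: In _refundETH, the low-level call forwards all remaining gas to _to, so the added etherBalance[_to] = 0; placed before the call is the only re-entrancy protection visible in this hunk. A short comment stating that the ordering is deliberate, or a re-entrancy guard on the external entry point, would keep a later refactor from moving the zeroing back below the call. The added and removed lines are also interleaved, which makes the result hard to read; the intended post-patch order is read balance, zero balance, call, then require(success, "Call fail"). Consider returning early when refundValue is zero so no empty call is made.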
Updates

Lead Judging Commences

0xtimefliez Lead Judge about 1 year ago
Submission Judgement Published
Validated
Assigned finding tags:

transfer instead of call
