Christmas Dinner

First Flight #31
Beginner Friendly / Foundry / Solidity
100 EXP
Submission Details
Severity: medium
Valid

The transfer function is used in the _refundETH function

Summary

The primary goal of the _refundETH function is to facilitate the process of refunding ETH to a specified address.

Vulnerability Details

In the _refundETH function, the transfer method is used to move ETH from one address to another.

The transfer function forwards a fixed stipend of 2300 gas to the recipient's fallback or receive function. A refund therefore fails whenever the recipient contract needs more than 2300 gas to execute its logic (a single storage write already exceeds the stipend).

Impact

If the recipient is a smart contract, the transaction will revert if the recipient contract requires more than 2300 gas to execute its logic. Consequently, the ETH funds will be blocked within the protocol.

Tools Used

manual review

Recommendations

Using the call method with proper error handling and gas forwarding can be a more flexible and secure way to send Ether.

(bool success, ) = _to.call{value: refundValue}("");
require(success, "Transfer failed");

The call method imposes no fixed gas limit (it forwards all remaining gas unless a limit is set explicitly), so the recipient can run more complex logic or interact with other contracts without the refund reverting.
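To make the failure mode and the fix concrete, the following is an added example written for this report; it is not the audited project's code, and every contract and function name except _refundETH is an assumption made for the illustration. The first contract keeps the transfer-based refund described above, the second applies the recommended call pattern, and a constructed recipient whose receive() performs a storage write shows why the 2300 gas stipend is not enough.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added example, not the audited project's code. Names other than
// _refundETH are assumptions made for this illustration.

interface IRefund {
    function deposit() external payable;
    function claimRefund() external;
}

/// Vulnerable form: the refund is paid with transfer(), which forwards only
/// a 2300 gas stipend to the recipient's receive()/fallback.
contract RefundWithTransfer is IRefund {
    mapping(address => uint256) public refunds;

    function deposit() external payable {
        refunds[msg.sender] += msg.value;
    }

    function _refundETH(address _to, uint256 refundValue) internal {
        // Reverts for any recipient whose receive() needs > 2300 gas,
        // leaving the recipient's ETH stuck in this contract.
        payable(_to).transfer(refundValue);
    }

    function claimRefund() external {
        uint256 amount = refunds[msg.sender];
        refunds[msg.sender] = 0;
        _refundETH(msg.sender, amount);
    }
}

/// Hardened form: low-level call forwards the remaining gas and the success
/// flag is checked explicitly, as recommended in the finding.
contract RefundWithCall is IRefund {
    mapping(address => uint256) public refunds;

    function deposit() external payable {
        refunds[msg.sender] += msg.value;
    }

    function _refundETH(address _to, uint256 refundValue) internal {
        (bool success, ) = _to.call{value: refundValue}("");
        require(success, "Transfer failed");
    }

    function claimRefund() external {
        uint256 amount = refunds[msg.sender];
        // Zero the balance before the external call (checks-effects-interactions),
        // since call forwards enough gas for the recipient to re-enter.
        refunds[msg.sender] = 0;
        _refundETH(msg.sender, amount);
    }
}

/// Constructed recipient: receive() updates a storage slot, which alone costs
/// more than the 2300 gas stipend, so refunds via transfer() revert while
/// refunds via call succeed.
contract GasHungryRecipient {
    uint256 public received;

    receive() external payable {
        received += msg.value; // SSTORE exceeds the 2300 gas stipend
    }

    function depositTo(IRefund target) external payable {
        target.deposit{value: msg.value}();
    }

    // Reverts when `target` is RefundWithTransfer, succeeds for RefundWithCall.
    function claimFrom(IRefund target) external {
        target.claimRefund();
    }
}
```

Dropped into a Foundry project, a test that deploys both refund contracts, funds a GasHungryRecipient through depositTo, and calls claimFrom on each will see the transfer-based variant revert and the call-based variant pay out. Because call forwards all remaining gas, the hardened version must also update state before the external call (as shown) or use a reentrancy guard; the extra flexibility of call is what makes that ordering matter.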

Updates

Lead Judging Commences

0xtimefliez Lead Judge 8 months ago
Submission Judgement Published
Validated
Assigned finding tags:

transfer instead of call