Submission Details
Severity:
sends eth to arbitrary address
Summary
in the src/inheritanceManager.sol contract and between #104 to #108, there is the use of "_to.call{...}" in the sendETH` function on line #105, it could be an issue because it doesn't send eth to the exact receiver, even if there is a check for reentrancy with the "nonReentrant" guard and a check to make sure only the owner can send eth with the "onlyOwner" check
Vulnerability Details
function sendETH(uint256 _amount, address _to) external nonReentrant onlyOwner {
*** (bool success,) = _to.call{value: _amount}("");
require(success, "Transfer Failed");
_setDeadline();
}
Impact
it is very unlikely for reentrancy to happen because of the guard but it is a good idea to make sure the eth gets sent to the right beneficiary of the eth
Tools Used
Manual review
Recommendations
function sendETH(uint256 _amount, address _to) external nonReentrant onlyOwner {
-- (bool success,) = _to.call{value: _amount}("");
++ (bool success,) = _to.Transfer{value: _amount}("");
require(success, "Transfer Failed");
_setDeadline();
}
Rewards breakdown
nSLOC
211This contest has a flat reward structure with the following payouts:
100 EXP
20 EXP
2 EXP
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.