Beatland Festival

First Flight #44
Beginner Friendly, Foundry, Solidity, NFT
Submission Details
Impact: low
Likelihood: medium
Invalid

Limited-Gas `transfer` in withdraw() — Potential Stuck Ether

Description

  • Normal behaviour: withdraw() should reliably forward the contract’s ETH balance to the given target address.

  • Issue: The implementation uses Solidity’s `transfer`, which forwards only a 2,300-gas stipend. If `target` is a smart-contract wallet (e.g. Gnosis Safe) or any contract whose receive/fallback needs more gas than that, the call reverts and the funds stay locked in the FestivalPass contract.

```solidity
// FestivalPass.sol
function withdraw(address target) external onlyOwner {
@> payable(target).transfer(address(this).balance); // 2,300-gas stipend
}
```

Risk

Likelihood:

  • Project treasury may eventually migrate to a multisig that requires >2,300 gas for its fallback.

  • Many modern wallet contracts already exceed the stipend, so the issue surfaces in routine use.

Impact:

  • ETH accumulated from pass sales can become permanently stuck until a code upgrade.

  • Creates an operational DoS and reputational damage if withdrawals fail at a critical moment.

Proof of Concept

```solidity
// Deploy a Gnosis Safe as `target` (fallback needs >= 2,300 gas)
// Send 1 ether to FestivalPass, then call withdraw(target).
// The transaction reverts with 'out of gas' inside `.transfer`.
```
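A Foundry test that reproduces the stuck-ether revert and checks the `call`-based fix, added here as an example rather than code from the audited FestivalPass project; `VulnerableVault`, `FixedVault`, `SmartWallet` and the test names are hypothetical stand-ins, and the `onlyOwner` check is omitted for brevity.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import {Test} from "forge-std/Test.sol";

// Hypothetical stand-in for FestivalPass (onlyOwner omitted): the same withdraw pattern as the finding.
contract VulnerableVault {
    receive() external payable {}
    function withdraw(address target) external {
        payable(target).transfer(address(this).balance); // 2,300-gas stipend
    }
}

// Same contract with the recommended call-based send and the FundsWithdrawn event.
contract FixedVault {
    event FundsWithdrawn(address indexed to, uint256 amount);
    receive() external payable {}
    function withdraw(address target) external {
        uint256 amount = address(this).balance; // read before the external call
        (bool ok, ) = payable(target).call{value: amount}("");
        require(ok, "Withdraw failed");
        emit FundsWithdrawn(target, amount);
    }
}

// Constructed treasury contract: its receive() writes storage (an SSTORE costs far more than 2,300 gas).
contract SmartWallet {
    uint256 public received;
    receive() external payable { received += msg.value; }
}

contract StuckEtherTest is Test {
    function test_TransferRevertsForContractWallet() public {
        VulnerableVault vault = new VulnerableVault();
        SmartWallet wallet = new SmartWallet();
        vm.deal(address(vault), 1 ether);
        vm.expectRevert(); // the wallet's receive() runs out of the 2,300-gas stipend
        vault.withdraw(address(wallet));
        assertEq(address(vault).balance, 1 ether); // ether is still locked in the vault
    }

    function test_CallForwardsEtherToContractWallet() public {
        FixedVault vault = new FixedVault();
        SmartWallet wallet = new SmartWallet();
        vm.deal(address(vault), 1 ether);
        vault.withdraw(address(wallet));
        assertEq(address(vault).balance, 0);
        assertEq(wallet.received(), 1 ether);
    }
}
```

Run with `forge test --match-contract StuckEtherTest -vv`; the first test only passes because the revert is expected, which is exactly the locked-funds condition the finding describes.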

Recommended Mitigation

```diff
- payable(target).transfer(address(this).balance);
+ (bool ok, ) = payable(target).call{value: address(this).balance}("");
+ require(ok, "Withdraw failed");
```
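Review bot: `call` forwards all remaining gas, so the recipient's fallback can call back into the contract; in this hunk the send is the last statement and no state is updated, so nothing is exploitable as shown, but keep the external call last (or add a reentrancy guard) so later changes do not reopen it. Also read `address(this).balance` into a local before the call, since the FundsWithdrawn event suggested below should log the amount that was actually sent rather than the post-call balance of zero.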

Additionally, emit the FundsWithdrawn event to keep on-chain accounting transparent.

Updates

Lead Judging Commences

inallhonesty Lead Judge about 1 month ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity