Platform: Code4rena
Start Date: 03/11/2022
Pot Size: $115,500 USDC
Total HM: 17
Participants: 120
Period: 7 days
Judge: LSDan
Total Solo HM: 1
Id: 174
League: ETH
Rank: 116/120
Findings: 1
Award: $5.34
π Selected for report: 0
π Solo Findings: 0
π Selected for report: __141345__
Also found by: 0xdeadbeef0x, 8olidity, Amithuddar, Bnke0x0, Ch_301, Deivitto, IllIllI, KingNFT, Nyx, RaymondFam, RedOneN, Satyam_Sharma, SmartSek, Tomo, adriro, bananasboys, carlitox477, cccz, cloudjunky, codexploder, corerouter, cryptonue, d3e4, datapunk, joestakey, martin, merlin, minhquanym, pashov, peanuts, rvierdiiev
5.3388 USDC - $5.34
call() should be used instead of transfer() on an address payable
This is a classic Code4rena issue:
https://github.com/code-423n4/2021-04-meebits-findings/issues/2 https://github.com/code-423n4/2021-10-tally-findings/issues/20 https://github.com/code-423n4/2022-01-openleverage-findings/issues/75
Impact
The use of the deprecated transfer() function for an address will inevitably make the transaction fail when:
The claimer smart contract does not implement a payable function. The claimer smart contract does implement a payable fallback which uses more than 2300 gas unit. The claimer smart contract implements a payable fallback function that needs less than 2300 gas units but is called through proxy, raising the callβs gas usage above 2300.
Additionally, using higher than 2300 gas might be mandatory for some multisig wallets.
Impacted lines:
File: Line-of-Credit\contracts\utils\LineLib.sol
48,31: payable(receiver).transfer(amount);
Recommended Mitigation
I recommend using call() instead of transfer().
#0 - c4-judge
2022-11-14T17:51:57Z
dmvt marked the issue as primary issue
#1 - c4-sponsor
2022-11-30T18:08:28Z
kibagateaux marked the issue as sponsor confirmed
#2 - c4-judge
2022-12-06T14:41:48Z
dmvt marked the issue as satisfactory
#3 - C4-Staff
2022-12-20T05:56:43Z
liveactionllama marked the issue as duplicate of #369