Platform: Code4rena
Start Date: 06/12/2022
Pot Size: $36,500 USDC
Total HM: 16
Participants: 119
Period: 3 days
Judge: berndartmueller
Total Solo HM: 2
Id: 189
League: ETH
Rank: 115/119
Findings: 1
Award: $0.61
🌟 Selected for report: 0
🚀 Solo Findings: 0
🌟 Selected for report: RaymondFam
Also found by: 0xdeadbeef0x, 0xhacksmithh, AkshaySrivastav, Awesome, Bnke0x0, CRYP70, HollaDieWaldfee, JC, Parth, Rahoz, Tutturu, __141345__, ahmedov, ajtra, asgeir, aviggiano, bin2chen, btk, carrotsmuggler, cccz, chaduke, cryptonue, dic0de, fatherOfBlocks, fs0c, hansfriese, jonatascm, karanctf, ladboy233, lumoswiz, martin, obront, pashov, pauliax, rvierdiiev, shark, simon135, supernova, tourist, yellowBirdy, zapaz, zaskoh
0.6136 USDC - $0.61
https://github.com/code-423n4/2022-12-escher/blob/main/src/minters/LPDA.sol#L105
Using payable.transfer() is not recommended because it can lead to the locking of funds.
The transfer() call requires that the recipient has a payable callback, and only provides 2300 gas for its operation. This means the following cases can cause the transfer to fail:
- The contract does not have a payable callback
- The contract's payable callback spends more than 2300 gas (which is only enough to emit something)
- The contract is called through a proxy which itself uses up the 2300 gas
If a user falls into one of the above categories, they'll be unable to receive funds from the vault in a migration wrapper.
Line 105: payable(msg.sender).transfer(owed);
As we can see, line 105 uses payable.transfer().
Stop Using Solidity's transfer() Now
Use address.call{value:x}() instead.
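The failure mode and the suggested replacement side by side, as an added example that is not part of the submission or of the Escher code base. All contract, function and variable names are hypothetical; only the `payable(msg.sender).transfer(owed)` statement mirrors the line quoted above.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.17;

// Added illustration; names are hypothetical, this is not Escher's LPDA contract.
contract RefundExample {
    mapping(address => uint256) public owedTo; // constructed bookkeeping for the demo

    error RefundFailed();

    function deposit() external payable {
        owedTo[msg.sender] += msg.value;
    }

    // Pattern flagged in the finding: forwards only the 2300 gas stipend and
    // reverts when the recipient's receive/fallback needs more than that.
    function refundWithTransfer() external {
        uint256 owed = owedTo[msg.sender];
        owedTo[msg.sender] = 0;
        payable(msg.sender).transfer(owed);
    }

    // Recommended form: forward the available gas with call and check the result.
    // The balance is cleared before the external call (checks-effects-interactions)
    // because call gives the recipient enough gas to re-enter this contract.
    function refundWithCall() external {
        uint256 owed = owedTo[msg.sender];
        owedTo[msg.sender] = 0;
        (bool ok, ) = payable(msg.sender).call{value: owed}("");
        if (!ok) revert RefundFailed();
    }
}

// Recipient whose receive() writes storage, which cannot run on a 2300 gas stipend.
contract StorageWritingWallet {
    uint256 public received;
    RefundExample public immutable vault;

    constructor(RefundExample _vault) { vault = _vault; }

    function fund() external payable { vault.deposit{value: msg.value}(); }
    function pullWithTransfer() external { vault.refundWithTransfer(); } // reverts
    function pullWithCall() external { vault.refundWithCall(); }         // succeeds

    receive() external payable { received += msg.value; }
}
```

Switching to `call` removes the gas cap, so the refund function must zero the recipient's balance before the call or carry a reentrancy guard.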
#0 - c4-judge
2022-12-10T00:29:46Z
berndartmueller marked the issue as duplicate of #99
#1 - c4-judge
2023-01-03T12:46:07Z
berndartmueller marked the issue as satisfactory