Platform: Code4rena
Start Date: 03/05/2022
Pot Size: $30,000 USDC
Total HM: 6
Participants: 93
Period: 3 days
Judge: gzeon
Id: 118
League: ETH
Rank: 51/93
Findings: 1
Award: $48.59
🌟 Selected for report: 0
🚀 Solo Findings: 0
48.5872 USDC - $48.59
https://github.com/code-423n4/2022-05-runes/blob/main/contracts/ForgottenRunesWarriorsMinter.sol#L604-L611
https://github.com/code-423n4/2022-05-runes/blob/main/contracts/ForgottenRunesWarriorsMinter.sol#L613-L619
Since .send passes only 2300 gas to the call, it may be possible that every transaction will fail after calling the vault. This may not be shown in tests, especially because current gas costs may not be constant - in the future, upon a gas repricing, it may turn out to be impossible for a call with such limited gas to execute properly. This will cause fund retrieval to be impossible.
Manual analysis
Use low-level calls with no gas limit instead of a .send function.
#0 - KenzoAgada
2022-06-06T12:47:54Z
Duplicate of #254
#1 - gzeoneth
2022-06-18T17:23:24Z
This is true but also these are onlyOwner functions where the owner has full control of the destination address to mitigate any issue in production. Downgrading to Low / QA.