Platform: Code4rena
Start Date: 06/12/2022
Pot Size: $36,500 USDC
Total HM: 16
Participants: 119
Period: 3 days
Judge: berndartmueller
Total Solo HM: 2
Id: 189
League: ETH
Rank: 112/119
Findings: 1
Award: $0.61
🌟 Selected for report: 0
🚀 Solo Findings: 0
🌟 Selected for report: RaymondFam
Also found by: 0xdeadbeef0x, 0xhacksmithh, AkshaySrivastav, Awesome, Bnke0x0, CRYP70, HollaDieWaldfee, JC, Parth, Rahoz, Tutturu, __141345__, ahmedov, ajtra, asgeir, aviggiano, bin2chen, btk, carrotsmuggler, cccz, chaduke, cryptonue, dic0de, fatherOfBlocks, fs0c, hansfriese, jonatascm, karanctf, ladboy233, lumoswiz, martin, obront, pashov, pauliax, rvierdiiev, shark, simon135, supernova, tourist, yellowBirdy, zapaz, zaskoh
0.6136 USDC - $0.61
https://github.com/code-423n4/2022-12-escher/blob/main/src/minters/FixedPrice.sol#L109 https://github.com/code-423n4/2022-12-escher/blob/main/src/minters/OpenEdition.sol#L92
The recommended way to send ether is with the `call` function. Using `transfer` could lead to running out of gas, due to the fact that it is predefined and the transfer will fail; in such a scenario there won't be a way to withdraw any funds from the contract. Transfer may fail because there is not enough ether on the sender contract's balance, or because the recipient is a smart contract that does not accept payments, or needs more than 2300 gas in order to process incoming ether transfers. That's why I think high severity matches well.
```solidity
ISaleFactory(factory).feeReceiver().transfer(address(this).balance / 20);
```
Manual audit
Use `call` instead. For example:

```solidity
(bool success, ) = ISaleFactory(factory).feeReceiver().call{value: address(this).balance / 20}("");
require(success, "Transfer failed.");
```
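The failure mode described in the finding, as an added example that is not part of the original submission or the Escher code base. `StorageWritingReceiver` and `SaleSketch` are hypothetical contracts constructed for illustration; the `finalized` guard is an assumption added to show state being updated before the external call.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.17;

// Constructed example: a fee receiver (e.g. a multisig or splitter) whose
// receive() writes storage and therefore needs more than the 2300 gas stipend.
contract StorageWritingReceiver {
    uint256 public received;

    receive() external payable {
        received += msg.value; // SSTORE cannot complete within 2300 gas
    }
}

// Hypothetical sale contract, reduced to the fee payout discussed above.
contract SaleSketch {
    address payable public immutable feeReceiver;
    bool public finalized;

    constructor(address payable _feeReceiver) payable {
        feeReceiver = _feeReceiver;
    }

    // Pattern from the finding: transfer() forwards only 2300 gas, so this
    // reverts when feeReceiver is StorageWritingReceiver and the ether
    // stays in the contract.
    function payFeeWithTransfer() external {
        feeReceiver.transfer(address(this).balance / 20);
    }

    // Recommended pattern: call forwards the remaining gas and returns a
    // success flag that must be checked. Because the receiver now has enough
    // gas to re-enter, state is updated before the external call
    // (checks-effects-interactions).
    function payFeeWithCall() external {
        require(!finalized, "already finalized");
        finalized = true;
        uint256 fee = address(this).balance / 20;
        (bool success, ) = feeReceiver.call{value: fee}("");
        require(success, "Transfer failed.");
    }
}
```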
#0 - c4-judge
2022-12-13T12:03:58Z
berndartmueller marked the issue as duplicate of #99
#1 - c4-judge
2023-01-03T12:51:15Z
berndartmueller changed the severity to 2 (Med Risk)
#2 - c4-judge
2023-01-03T12:51:19Z
berndartmueller marked the issue as satisfactory