Platform: Code4rena
Start Date: 27/05/2022
Pot Size: $75,000 USDC
Total HM: 20
Participants: 58
Period: 7 days
Judge: GalloDaSballo
Total Solo HM: 15
Id: 131
League: ETH
Rank: 16/58
Findings: 1
Award: $737.78
🌟 Selected for report: 1
🚀 Solo Findings: 0
🌟 Selected for report: peritoflores
737.784 USDC - $737.78
https://github.com/code-423n4/2022-05-backd/blob/2a5664d35cde5b036074edef3c1369b984d10010/protocol/contracts/swappers/SwapperRouter.sol#L140 https://github.com/code-423n4/2022-05-backd/blob/2a5664d35cde5b036074edef3c1369b984d10010/protocol/contracts/swappers/SwapperRouter.sol#L280
Usage of deprecated transfer Swap can revert.
The original transfer used to send eth uses a fixed stipend 2300 gas. This was used to prevent reentrancy. However this limit your protocol to interact with others contracts that need more than that to proceess the transaction
A good article about that
https://consensys.net/diligence/blog/2019/09/stop-using-soliditys-transfer-now/
Used call instead. For example
(bool success, ) = msg.sender.call{amount}(""); require(success, "Transfer failed.");
#0 - GalloDaSballo
2022-06-19T21:04:42Z
While submission is lazy in that it doesn't show the ways in which it could revert, (for example most of the times even a transfer to a gnosis-safe will not revert as the gas stipend is sufficient)
It's true that transfers gas stipend may run out, causing reverts
For this reason I agree with Med Severity