Platform: Code4rena
Start Date: 06/12/2022
Pot Size: $36,500 USDC
Total HM: 16
Participants: 119
Period: 3 days
Judge: berndartmueller
Total Solo HM: 2
Id: 189
League: ETH
Rank: 113/119
Findings: 1
Award: $0.61
🌟 Selected for report: 0
🚀 Solo Findings: 0
🌟 Selected for report: RaymondFam
Also found by: 0xdeadbeef0x, 0xhacksmithh, AkshaySrivastav, Awesome, Bnke0x0, CRYP70, HollaDieWaldfee, JC, Parth, Rahoz, Tutturu, __141345__, ahmedov, ajtra, asgeir, aviggiano, bin2chen, btk, carrotsmuggler, cccz, chaduke, cryptonue, dic0de, fatherOfBlocks, fs0c, hansfriese, jonatascm, karanctf, ladboy233, lumoswiz, martin, obront, pashov, pauliax, rvierdiiev, shark, simon135, supernova, tourist, yellowBirdy, zapaz, zaskoh
0.6136 USDC - $0.61
https://github.com/code-423n4/2022-12-escher/blob/main/src/minters/LPDA.sol#L105
In LPDA.sol, using transfer() may cause ETH to be un-retrievable if the msg.sender is a smart contract. ETH can potentially be lost if:
File: LPDA.sol Line 105
payable(msg.sender).transfer(owed);
Use call() with a success check instead of transfer().
For example:
(bool success, ) = payable(msg.sender).call{ value: owed }(''); require(success, "Transfer failed");
#0 - c4-judge
2022-12-10T00:29:56Z
berndartmueller marked the issue as duplicate of #99
#1 - c4-judge
2023-01-03T12:46:21Z
berndartmueller marked the issue as satisfactory