Use of unsafe transfer() #134
Labels
1 (Low Risk)
Assets are not at risk. State handling, function incorrect as to spec, issues with comments
bug
Something isn't working
duplicate
This issue or pull request already exists
Handle
p4st13r4
Vulnerability details
Impact
Contracts in the folder
basket/contracts/singleJoinExit
makes use of unsafeaddress.transfer()
method.The use of such function could have unintended outcomes on the eth being sent to the receiver. Funds can potentially be lost if:
The latter situation may occur in the instance of gas cost changes. The impact would mean that any contracts receiving funds would potentially be unable to retrieve funds
Proof of Concept
Affected lines are here:
Tools Used
Editor
Recommended Mitigation Steps
Consider using
address.call{value: v}("")
and checking the return value or OpenzeppelinAddress
library insteadThe text was updated successfully, but these errors were encountered: