Usage of address.transfer #191
Labels
1 (Low Risk)
Assets are not at risk. State handling, function incorrect as to spec, issues with comments
bug
Something isn't working
duplicate
This issue or pull request already exists
Handle
cmichel
Vulnerability details
The
address.transfer
function is used to send ETH to an account.It is restricted to a low amount of GAS and might fail if GAS costs change in the future or if a smart contract's fallback function handler implements anything non-trivial.
See:
SingleNativeTokenExit.exitEth
SingleNativeTokenExitV2.exitEth
EthSingleTokenJoin.joinTokenEth
EthSingleTokenJoinV2.joinTokenEth
Recommended Mitigation Steps
Consider using the lower-level
.call{value: value}
instead and check its success return value.The text was updated successfully, but these errors were encountered: