It is not safe to use loop to transfer funds. It may never work

[fosgate29]

https://github.com/astralship/eos/blob/4a4929d7e434ff8f2aec148fd038f30fa3cf26e4/contracts/Auction.sol#L88

I checked the code again and realized there is glitch.

When you do a transfer(), execution flow is transfered to an external code. For example, If the address that you are refunding is a smart contract and it hangs or revert when receiving funds, you won´t be able to refund your users using this function.

You are safe because you have refund() and each user can go and get its funds back.

I am writing this issue just to let you know what can happen when using a loop and transfer.

[stefek99]

I see!

Their fallback function might not be payable...

And throw / revert / failure...

Pretty epic!