code-423n4 / 2021-04-basedloans-findings


Usage of `address.transfer` #31

Open code423n4 opened 3 years ago

code423n4 commented 3 years ago

Handle

@cmichelio

Vulnerability details


The `transfer` function is used in `Maximillion.sol` to send ETH to an account.

Impact

It is performed with a fixed amount of gas and might fail if gas costs change in the future or if a smart contract's fallback function handler is complex.

Recommended Mitigation Steps

Consider using the lower-level `.call{value: value}` instead and checking its success return value.
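The difference described in this report, as an added example that is not part of the original issue and is not code from `Maximillion.sol`: the contracts `StorageWritingRecipient` and `RefundExample`, the `owed` mapping and all function names are hypothetical, constructed only to show a `transfer` refund beside a checked `.call{value: ...}` refund.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Constructed recipient (assumption): its receive() writes storage, which
// costs more than the fixed 2300 gas stipend that transfer() forwards.
contract StorageWritingRecipient {
    uint256 public deposits;

    receive() external payable {
        deposits += 1; // storage write: exceeds the 2300 gas stipend
    }
}

// Hypothetical sender contract for illustration only.
contract RefundExample {
    mapping(address => uint256) public owed;

    // Record ETH that is owed back to `to`.
    function deposit(address to) external payable {
        owed[to] += msg.value;
    }

    // Before: transfer() forwards a fixed 2300 gas and reverts on failure.
    // A refund to StorageWritingRecipient always reverts here.
    function refundWithTransfer(address payable to) external {
        uint256 amount = owed[to];
        owed[to] = 0;
        to.transfer(amount);
    }

    // After: low-level call with its success value checked.
    // call forwards all remaining gas, so the balance is zeroed before the
    // external call (checks-effects-interactions) to stay safe if the
    // recipient calls back into this contract.
    function refundWithCall(address payable to) external {
        uint256 amount = owed[to];
        owed[to] = 0;
        (bool ok, ) = to.call{value: amount}("");
        require(ok, "ETH refund failed");
    }
}
```

An unchecked `call` fails silently, so the `require(ok, ...)` line is what keeps the revert-on-failure behaviour that `transfer` provided.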

ghoul-sol commented 3 years ago

Maximillion.sol is not being used and will be deleted.