function mint() external payable reentrancyGuard returns (uint) {
    ...
    if (msg.value > salePrice) {
        msg.sender.transfer(msg.value.sub(salePrice));
    }
    beneficiary.transfer(salePrice);

function withdraw(uint amount) external {
    ...
    msg.sender.transfer(amount);

Tools Used
Recommended Mitigation Steps
Consider using the following construction instead:
(bool success, /* bytes memory response */) = msg.sender.call{value: amount}('');
require(success, "Pay was not successful.");
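
A fuller version of the recommended construction, as an added example that is not part of the original report or the audited project: because `call` forwards all remaining gas, unlike the 2300-gas stipend of `transfer`, the payout is paired with a reentrancy guard and a state update before the external call. The contract name, the `balances` mapping, the `deposit` function and the compiler version are assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0; // assumed compiler version

// Added illustration; contract name and storage layout are hypothetical.
contract PayoutExample {
    mapping(address => uint256) public balances; // assumed accounting, not from the report
    uint256 private _status = 1;                 // 1 = not entered, 2 = entered

    // Minimal guard: call forwards all remaining gas, so the recipient can run
    // arbitrary code and try to re-enter before this function returns.
    modifier nonReentrant() {
        require(_status == 1, "Reentrant call");
        _status = 2;
        _;
        _status = 1;
    }

    function deposit() external payable {
        balances[msg.sender] += msg.value;
    }

    function withdraw(uint256 amount) external nonReentrant {
        // Checks
        require(balances[msg.sender] >= amount, "Insufficient balance");
        // Effects: update state before handing control to the recipient
        balances[msg.sender] -= amount;
        // Interaction: no fixed gas stipend, so contract wallets with
        // non-trivial receive() logic can still be paid
        (bool success, /* bytes memory response */) = msg.sender.call{value: amount}("");
        require(success, "Pay was not successful.");
    }
}
```
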
Handle
gpersoon
Vulnerability details
Impact
The transfer function is used to transfer ETH.
However, it is recommended to use "call": https://consensys.net/diligence/blog/2019/09/stop-using-soliditys-transfer-now/