code-423n4 / 2021-10-tally-findings


.transfer is used for transferring ether #51

Closed code423n4 closed 2 years ago

code423n4 commented 2 years ago

Handle

pauliax

Vulnerability details

Impact

payable(msg.sender).transfer(toTransfer);
feeRecipient.transfer(address(this).balance);

It is no longer recommended to use .transfer when sending ether, as recipients with custom fallback functions (smart contracts) will not be able to handle that. You can read more here: https://consensys.net/diligence/blog/2019/09/stop-using-soliditys-transfer-now/

Recommended Mitigation Steps

Solution (make sure to keep nonReentrant): https://github.com/OpenZeppelin/openzeppelin-contracts/blob/master/contracts/utils/Address.sol#L53-L59

Shadowfiend commented 2 years ago

Duplicate of #20.
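
The change recommended in the report above, sketched as an added example that is not part of the original report or the audited code: a transfer-based payout beside a call-based one modelled on OpenZeppelin's Address.sendValue, with an inline reentrancy guard standing in for nonReentrant. The contract, its credit mapping and the 1% fee are constructed for illustration; only toTransfer and feeRecipient mirror the quoted snippet.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;
// Added illustration: every name is hypothetical except toTransfer and feeRecipient.
contract RefundExample {
    address payable public immutable feeRecipient;
    mapping(address => uint256) public credit;
    uint256 private _status = 1; // 1 = not entered, 2 = entered

    constructor(address payable feeRecipient_) { feeRecipient = feeRecipient_; }

    // Minimal inline guard standing in for OpenZeppelin's nonReentrant.
    modifier nonReentrant() {
        require(_status == 1, "reentrant call");
        _status = 2;
        _;
        _status = 1;
    }

    function deposit() external payable { credit[msg.sender] += msg.value; }

    // Same shape as Address.sendValue: forward remaining gas, check the result.
    function _sendValue(address payable to, uint256 amount) private {
        require(address(this).balance >= amount, "insufficient balance");
        (bool ok, ) = to.call{value: amount}("");
        require(ok, "ether transfer failed");
    }

    // Zero the credit before any ether leaves (checks-effects-interactions).
    function _settle(address user) private returns (uint256 toTransfer, uint256 fee) {
        uint256 amount = credit[user];
        credit[user] = 0;
        fee = amount / 100; // constructed 1% fee
        toTransfer = amount - fee;
    }

    // Before: transfer() forwards only the 2300 gas stipend, so a recipient
    // contract whose receive/fallback needs more gas makes the call revert.
    function withdrawWithTransfer() external {
        (uint256 toTransfer, uint256 fee) = _settle(msg.sender);
        payable(msg.sender).transfer(toTransfer);
        feeRecipient.transfer(fee);
    }

    // After: call-based sends. The recipient now gets enough gas to call back,
    // so state is settled first and the function is nonReentrant.
    function withdrawWithCall() external nonReentrant {
        (uint256 toTransfer, uint256 fee) = _settle(msg.sender);
        _sendValue(payable(msg.sender), toTransfer);
        _sendValue(feeRecipient, fee);
    }
}
```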