Open code423n4 opened 2 years ago
Vulnerability details
Explicit Compiler Version Not Stated
Impact
Low
Proof of Concept
An outdated version of Solidity containing known vulnerabilities could be used to compile the smart contract:
https://github.com/code-423n4/2022-03-lifinance/blob/699c2305fcfb6fe8862b75b26d1d8a2f46a551e6/src/Facets/WithdrawFacet.sol#L2
Recommended Mitigation Steps
Remove the caret from the pragma directive.
Vulnerability details
Vulnerable "transfer()" Function in Use
Impact
Low
Proof of Concept
The WithdrawFacet.sol contract is using transfer() which is considered insecure as this function has a fixed gas price.
https://github.com/code-423n4/2022-03-lifinance/blob/699c2305fcfb6fe8862b75b26d1d8a2f46a551e6/src/Facets/WithdrawFacet.sol#L31
Recommended Mitigation Steps
Use call() alongside ReentrancyGuard rather than the transfer() function.
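
Both recommended mitigations in one contract, as an added example that is not part of the original report and is not code from WithdrawFacet.sol. The contract name `WithdrawExample`, its `withdraw` signature, the inline guard, and the pinned version `0.8.13` are assumptions chosen for illustration.

```solidity
// SPDX-License-Identifier: MIT
// Pinned compiler version (no caret). 0.8.13 is an example pin, not the project's.
pragma solidity 0.8.13;

/// Hypothetical contract for illustration; not WithdrawFacet.sol.
contract WithdrawExample {
    address public immutable owner;

    // Minimal inline reentrancy guard (same idea as OpenZeppelin's ReentrancyGuard).
    uint256 private constant NOT_ENTERED = 1;
    uint256 private constant ENTERED = 2;
    uint256 private status = NOT_ENTERED;

    error NotOwner();
    error Reentrancy();
    error ZeroAddress();
    error InsufficientBalance();
    error TransferFailed();

    modifier nonReentrant() {
        if (status == ENTERED) revert Reentrancy();
        status = ENTERED;
        _;
        status = NOT_ENTERED;
    }

    constructor() {
        owner = msg.sender;
    }

    receive() external payable {}

    // Before (the pattern the finding flags): forwards only a 2300 gas stipend
    // and reverts if the recipient's receive/fallback needs more.
    //     payable(to).transfer(amount);

    function withdraw(address payable to, uint256 amount) external nonReentrant {
        if (msg.sender != owner) revert NotOwner();
        if (to == address(0)) revert ZeroAddress();
        if (amount > address(this).balance) revert InsufficientBalance();

        // call() forwards all remaining gas, so the guard above is what blocks
        // re-entry; the return value must be checked because call() does not revert.
        (bool ok, ) = to.call{value: amount}("");
        if (!ok) revert TransferFailed();
    }
}
```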