The withdraw function in WithdrawFacet uses the native transfer keyword to send ETH, which is considered unsafe because of the fixed gas budget, and its functionality could be broken in some circumstances:
The receiver consumes more than 2300 amounts of gas when receiving the ETH.
Even if the receiver consumes less than 2300 amount of gas, the consumed gas amount could change in the future when hard forks happen and therefore could exceed the limit.
H3xept
commented
2 years ago
Lines of code
https://github.com/code-423n4/2022-03-lifinance/blob/main/src/Facets/WithdrawFacet.sol#L31
Vulnerability details
Impact
The
withdrawfunction inWithdrawFacetuses the nativetransferkeyword to send ETH, which is considered unsafe because of the fixed gas budget, and its functionality could be broken in some circumstances:Proof of Concept
WithdrawFacet.sol#L31
Recommended Mitigation Steps
Consider using a low-level call to send ETH, for example, the
LibAsset.transferNativeAssetfunction.