Closed code423n4 closed 2 years ago
https://github.com/code-423n4/2022-03-lifinance/blob/699c2305fcfb6fe8862b75b26d1d8a2f46a551e6/src/Facets/WithdrawFacet.sol#L31
The use of `transfer` in `WithdrawFacet.sol` to send ether is now considered bad practice, as gas costs can change, which would break the code.

```solidity
if (_assetAddress == NATIVE_ASSET) {
    address self = address(this); // workaround for a possible solidity bug
    assert(_amount <= self.balance);
    payable(sendTo).transfer(_amount);
}
```
https://consensys.net/diligence/blog/2019/09/stop-using-soliditys-transfer-now/
https://chainsecurity.com/istanbul-hardfork-eips-increasing-gas-costs-and-more/
Recommend using call instead, and make sure to check for reentrancy.
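One way to apply this recommendation, shown as an added example rather than code from the audited repository: a native-asset withdrawal that uses `call` behind a reentrancy guard. The contract name, the owner check, the custom errors and the event are assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.7;

/// Illustration only: hypothetical contract, not the project's WithdrawFacet.
contract NativeWithdrawSketch {
    address public immutable owner; // assumed access-control model
    uint256 private _status = 1;    // 1 = not entered, 2 = entered

    error NotOwner();
    error Reentrancy();
    error InsufficientBalance(uint256 requested, uint256 available);
    error NativeTransferFailed();

    event LogWithdraw(address indexed to, uint256 amount);

    constructor() {
        owner = msg.sender;
    }

    receive() external payable {}

    /// Rejects nested calls into guarded functions while one is in progress.
    modifier nonReentrant() {
        if (_status == 2) revert Reentrancy();
        _status = 2;
        _;
        _status = 1;
    }

    function withdrawNative(address payable to, uint256 amount) external nonReentrant {
        if (msg.sender != owner) revert NotOwner();

        // Checks: fail with a descriptive revert instead of an assert.
        uint256 available = address(this).balance;
        if (amount > available) revert InsufficientBalance(amount, available);

        // Effects: record the withdrawal before handing control to the recipient.
        emit LogWithdraw(to, amount);

        // Interaction: call forwards the remaining gas, so a recipient contract
        // whose receive/fallback needs more than transfer's fixed 2300-gas
        // stipend still gets paid. The return value must be checked, because
        // call does not revert on failure by itself.
        (bool ok, ) = to.call{value: amount}("");
        if (!ok) revert NativeTransferFailed();
    }
}
```

Because `call` hands the recipient enough gas to call back into the contract, the guard and the checks-effects-interactions ordering are what keep the withdrawal safe.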
Duplicate of #14