Closed code423n4 closed 2 years ago
https://github.com/code-423n4/2022-03-volt/blob/main/contracts/mock/MockPCVDepositV2.sol#L66 https://github.com/code-423n4/2022-03-volt/blob/main/contracts/external/WETH9.sol#L53 https://github.com/code-423n4/2022-03-volt/blob/main/contracts/mock/MockCToken.sol#L54
The issue highlighted here will reduce gas costs and avoid hacks (https://consensys.net/diligence/blog/2019/09/stop-using-soliditys-transfer-now/)
The .transfer function at the following places can be replaced with .call as the former has a hard dependency on gas costs as it forwards a fixed amount of gas: 2300. For further reference: https://consensys.net/diligence/blog/2019/09/stop-using-soliditys-transfer-now/
.transfer
.call
Affected code snippets:
Manual
Replace .transfer with .call
None of those contracts are in scope for this audit. Closing.
Lines of code
https://github.com/code-423n4/2022-03-volt/blob/main/contracts/mock/MockPCVDepositV2.sol#L66 https://github.com/code-423n4/2022-03-volt/blob/main/contracts/external/WETH9.sol#L53 https://github.com/code-423n4/2022-03-volt/blob/main/contracts/mock/MockCToken.sol#L54
Vulnerability details
Impact
The issue highlighted here will reduce gas costs and avoid hacks (https://consensys.net/diligence/blog/2019/09/stop-using-soliditys-transfer-now/)
Proof of Concept
The
.transfer
function at the following places can be replaced with.call
as the former has a hard dependency on gas costs as it forwards a fixed amount of gas: 2300. For further reference: https://consensys.net/diligence/blog/2019/09/stop-using-soliditys-transfer-now/Affected code snippets:
Tools Used
Manual
Recommended Mitigation Steps
Replace
.transfer
with.call