code-423n4 / 2022-04-jpegd-findings


Unsafe transfer in `FungibleAssetVaultForDAO.sol::withdraw()`. #182

Closed code423n4 closed 2 years ago

code423n4 commented 2 years ago

Lines of code

https://github.com/code-423n4/2022-04-jpegd/blob/main/contracts/vaults/FungibleAssetVaultForDAO.sol#L201

Vulnerability details

Impact

`FungibleAssetVaultForDAO.sol::withdraw()` uses Solidity's `transfer`, which has a hardcoded gas budget. It is unsafe to use and may lead to unintended consequences.

Proof of Concept

FungibleAssetVaultForDAO.sol#L201

```solidity
if (collateralAsset == ETH) payable(msg.sender).transfer(amount);
```

Recommendation

Using Solidity's low-level `call` with the corresponding result check, or using OpenZeppelin's `Address.sendValue`, is advised.

Tools Used

Manual.
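The pattern flagged above and the recommended fix, side by side in a minimal ETH-only vault. This is an added example, not code from the jpeg'd repository; the contract and function names (`EthVaultExample`, `withdrawUnsafe`, `withdraw`, `StorageWritingReceiver`) are hypothetical, and the reentrancy guard is hand-rolled rather than imported from OpenZeppelin so the file compiles stand-alone. `transfer` forwards a fixed 2300-gas stipend, so any recipient whose `receive()`/`fallback()` does more than emit an event (a storage write, a proxy that forwards the call, a multisig that records the deposit) causes the withdrawal to revert. The checked low-level `call` is what `Address.sendValue` does internally; because it forwards all remaining gas, the balance update is done before the external call and the function is guarded against reentrancy.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Added example, not the project's code. Minimal ETH vault showing the
// transfer() pattern from the finding beside the recommended call() form.
contract EthVaultExample {
    mapping(address => uint256) public balances;
    bool private locked; // hand-rolled reentrancy guard (assumption: no OZ import)

    modifier nonReentrant() {
        require(!locked, "reentrant");
        locked = true;
        _;
        locked = false;
    }

    function deposit() external payable {
        balances[msg.sender] += msg.value;
    }

    // Pattern flagged in the finding: transfer() forwards only a 2300 gas
    // stipend, so a receiver that does more than log an event in its
    // receive()/fallback() makes this withdrawal revert and locks the funds.
    function withdrawUnsafe(uint256 amount) external {
        require(balances[msg.sender] >= amount, "insufficient");
        balances[msg.sender] -= amount;
        payable(msg.sender).transfer(amount);
    }

    // Recommended form: low-level call with a checked result (equivalent to
    // OpenZeppelin Address.sendValue). call() forwards all remaining gas, so
    // effects happen before the interaction and reentrancy is blocked.
    function withdraw(uint256 amount) external nonReentrant {
        require(balances[msg.sender] >= amount, "insufficient");
        balances[msg.sender] -= amount;
        (bool ok, ) = payable(msg.sender).call{value: amount}("");
        require(ok, "ETH transfer failed");
    }
}

// Receiver whose receive() writes storage. An SSTORE plus the cold SLOAD it
// needs costs well over 2300 gas, so EthVaultExample.withdrawUnsafe() reverts
// for this contract while withdraw() succeeds.
contract StorageWritingReceiver {
    EthVaultExample public vault;
    uint256 public received;

    constructor(EthVaultExample _vault) {
        vault = _vault;
    }

    function depositTo() external payable {
        vault.deposit{value: msg.value}();
    }

    // Reverts: receive() below runs out of the 2300-gas stipend.
    function pullUnsafe(uint256 amount) external {
        vault.withdrawUnsafe(amount);
    }

    // Succeeds: call() forwards enough gas for the storage write.
    function pullSafe(uint256 amount) external {
        vault.withdraw(amount);
    }

    receive() external payable {
        received += msg.value; // storage write, exceeds the transfer() stipend
    }
}
```

Deploying both contracts, funding the receiver, calling `depositTo{value: 1 ether}()` and then `pullUnsafe(1 ether)` reproduces the failure mode: the withdrawal reverts inside `transfer`, while `pullSafe(1 ether)` completes and `received` is updated. Note that the fix changes the trust assumption: with `transfer`, the recipient could not reenter the vault; with `call`, the `nonReentrant` guard and the effects-before-interaction ordering are what keep it that way.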

spaghettieth commented 2 years ago

Duplicate of #39

dmvt commented 2 years ago

See comment on #39. This is a QA issue.