code-423n4 / 2022-06-canto-v2-findings


CALL() SHOULD BE USED INSTEAD OF TRANSFER() ON AN ADDRESS PAYABLE #4

Closed code423n4 closed 2 years ago

code423n4 commented 2 years ago

Lines of code

https://github.com/Plex-Engineer/lending-market-v2/blob/2646a7676b721db8a7754bf5503dcd712eab2f8a/contracts/Maximillion.sol#L43
https://github.com/Plex-Engineer/lending-market-v2/blob/2646a7676b721db8a7754bf5503dcd712eab2f8a/contracts/WETH.sol#L31
https://github.com/Plex-Engineer/lending-market-v2/blob/2646a7676b721db8a7754bf5503dcd712eab2f8a/contracts/CEther.sol#L150
https://github.com/Plex-Engineer/lending-market-v2/blob/2646a7676b721db8a7754bf5503dcd712eab2f8a/spec/certora/contracts/mcd/join.sol#L133
https://github.com/Plex-Engineer/lending-market-v2/blob/89212fb4c5b999a21447c7a1bd1a6c4c1527353a/contracts/Stableswap/BaseV1-periphery.sol#L291

Vulnerability details

Impact

The use of the deprecated transfer() function for an address will inevitably make the transaction fail when:

Proof of Concept

- The claimer smart contract does not implement a payable function.
- The claimer smart contract does implement a payable fallback which uses more than 2300 gas units.
- The claimer smart contract implements a payable fallback function that needs less than 2300 gas units but is called through a proxy, raising the call's gas usage above 2300.

Additionally, using higher than 2300 gas might be mandatory for some multisig wallets.

Recommended Mitigation Steps

I recommend using call() instead of transfer().
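The failure mode and the recommended fix, as an added illustration that is not code from the lending-market-v2 repository. The contract names (GasHungryReceiver, VaultWithTransfer, VaultWithCall) are hypothetical. The receiver's receive() performs a storage write, which by itself costs more than the 2300 gas stipend that transfer() forwards, so a withdrawal that pays it with transfer() reverts while the call()-based version succeeds. Because call() forwards all remaining gas, the hardened vault also updates state before the external call and adds a reentrancy lock; switching to call() without those two changes trades a denial-of-service for a reentrancy hole.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.17;

// Added example, not part of the audited code base. All names are hypothetical.

interface IVault {
    function deposit() external payable;
    function withdraw() external;
}

// A recipient whose receive() needs more than the 2300 gas stipend.
// One SSTORE of a fresh slot costs 20000 gas, so transfer()/send() to
// this contract always reverts; call() with the full gas budget succeeds.
contract GasHungryReceiver {
    uint256 public received;

    receive() external payable {
        received += msg.value; // SSTORE: exceeds the 2300 stipend
    }

    function depositTo(IVault vault) external payable {
        vault.deposit{value: msg.value}();
    }

    // Returns true if the vault managed to pay us, false if it reverted.
    function withdrawFrom(IVault vault) external returns (bool) {
        try vault.withdraw() {
            return true;
        } catch {
            return false;
        }
    }
}

// "Before": pays out with transfer(). Reverts for GasHungryReceiver and for
// any smart wallet or proxy whose fallback needs more than 2300 gas, so the
// funds are stuck until the recipient changes its code.
contract VaultWithTransfer is IVault {
    mapping(address => uint256) public balances;

    function deposit() external payable override {
        balances[msg.sender] += msg.value;
    }

    function withdraw() external override {
        uint256 amount = balances[msg.sender];
        balances[msg.sender] = 0;
        payable(msg.sender).transfer(amount); // 2300 gas stipend, reverts on failure
    }
}

// "After": pays out with call(). call() forwards all remaining gas and returns
// a success flag that MUST be checked. Since the callee can now re-enter,
// the balance is zeroed before the external call (checks-effects-interactions)
// and a reentrancy lock guards the function.
contract VaultWithCall is IVault {
    mapping(address => uint256) public balances;
    bool private locked;

    modifier nonReentrant() {
        require(!locked, "reentrant call");
        locked = true;
        _;
        locked = false;
    }

    function deposit() external payable override {
        balances[msg.sender] += msg.value;
    }

    function withdraw() external override nonReentrant {
        uint256 amount = balances[msg.sender];
        balances[msg.sender] = 0; // effect before interaction
        (bool ok, ) = payable(msg.sender).call{value: amount}("");
        require(ok, "ETH transfer failed"); // never ignore the flag
    }
}
```

Deploying the three contracts, calling `receiver.depositTo{value: 1 ether}(vault)` for each vault and then `receiver.withdrawFrom(vault)` returns false for VaultWithTransfer and true for VaultWithCall. The same check against the project's own recipients (for example a Gnosis Safe) is what distinguishes a theoretical finding from a real one, which is the point the judge raises below.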

GalloDaSballo commented 2 years ago

Downgrading to QA for lack of any real POC.

Note: I have tested the gas cost to transfer to Gnosis Safe, it's less than 2300