search

code-423n4 / 2022-06-putty-findings

5 stars 0 forks source link

instead of call() , transfer() is used to withdraw the ether #276

Closed code423n4 closed 2 years ago

code423n4 commented 2 years ago

Lines of code

https://github.com/code-423n4/2022-06-putty/blob/1ddbec4a5242e0160da832cb46b2b3cdbb49a8af/contracts/src/PuttyV2.sol#L336

Vulnerability details

To withdraw eth it uses transfer(), this transactions will fail inevitably when : -

The withdrawer smart contract does not implement a payable function.

Withdrawer smart contract does implement a payable fallback which uses more than 2300 gas unit

Thw withdrawer smart contract implements a payable fallback function whicn needs less than 2300 gas unit but is called through proxy that raise the call's gas usage above 2300

https://consensys.net/diligence/blog/2019/09/stop-using-soliditys-transfer-now/

Proof of Concept

336:                IWETH(weth).transfer(order.maker, msg.value);

Tools Used

none

Recommended Mitigation Steps

use call instead of transfer

ecmendenhall commented 2 years ago

This is an ERC20 transfer.

berndartmueller commented 2 years ago

Duplicate of https://github.com/code-423n4/2022-06-putty-findings/issues/427