Open code423n4 opened 2 years ago
https://github.com/code-423n4/2022-07-axelar/blob/main/contracts/deposit-service/ReceiverImplementation.sol#L51 https://github.com/code-423n4/2022-07-axelar/blob/main/contracts/deposit-service/ReceiverImplementation.sol#L71 https://github.com/code-423n4/2022-07-axelar/blob/main/contracts/deposit-service/ReceiverImplementation.sol#L86 https://github.com/code-423n4/2022-07-axelar/blob/main/contracts/gas-service/AxelarGasService.sol#L128 https://github.com/code-423n4/2022-07-axelar/blob/main/xc20/contracts/XC20Wrapper.sol#L63
Multiple times in contracts used transfer() function for sending ether instead of recommended call(). It could lead to broken functionality in the future: https://consensys.net/diligence/blog/2019/09/stop-using-soliditys-transfer-now/
transfer()
call()
Use call() function instead of transfer() with checking successful return result and reentrancy guard.
Duplicate of #4
re1ro
commented
2 years ago re1ro
commented
2 years ago
Lines of code
https://github.com/code-423n4/2022-07-axelar/blob/main/contracts/deposit-service/ReceiverImplementation.sol#L51 https://github.com/code-423n4/2022-07-axelar/blob/main/contracts/deposit-service/ReceiverImplementation.sol#L71 https://github.com/code-423n4/2022-07-axelar/blob/main/contracts/deposit-service/ReceiverImplementation.sol#L86 https://github.com/code-423n4/2022-07-axelar/blob/main/contracts/gas-service/AxelarGasService.sol#L128 https://github.com/code-423n4/2022-07-axelar/blob/main/xc20/contracts/XC20Wrapper.sol#L63
Vulnerability details
Impact
Multiple times in contracts used
transfer()function for sending ether instead of recommendedcall(). It could lead to broken functionality in the future: https://consensys.net/diligence/blog/2019/09/stop-using-soliditys-transfer-now/Recommended Mitigation Steps
Use
call()function instead oftransfer()with checking successful return result and reentrancy guard.