code-423n4 / 2022-07-axelar-findings


Transfer can cause out of gas error #194

Closed code423n4 closed 2 years ago

code423n4 commented 2 years ago

Lines of code

https://github.com/code-423n4/2022-07-axelar/blob/9c4c44b94cddbd48b9baae30051a4e13cbe39539/contracts/deposit-service/ReceiverImplementation.sol#L23
https://github.com/code-423n4/2022-07-axelar/blob/9c4c44b94cddbd48b9baae30051a4e13cbe39539/contracts/deposit-service/ReceiverImplementation.sol#L51
https://github.com/code-423n4/2022-07-axelar/blob/9c4c44b94cddbd48b9baae30051a4e13cbe39539/contracts/deposit-service/ReceiverImplementation.sol#L71
https://github.com/code-423n4/2022-07-axelar/blob/9c4c44b94cddbd48b9baae30051a4e13cbe39539/contracts/deposit-service/ReceiverImplementation.sol#L86
https://github.com/code-423n4/2022-07-axelar/blob/9c4c44b94cddbd48b9baae30051a4e13cbe39539/contracts/gas-service/AxelarGasService.sol#L128
https://github.com/code-423n4/2022-07-axelar/blob/9c4c44b94cddbd48b9baae30051a4e13cbe39539/contracts/gas-service/AxelarGasService.sol#L144

Vulnerability details

Impact

Some contracts can contain some logic in their receive/fallback function, and these kinds of contracts won't be able to receive native tokens because of the usage of transfer, which limits the gas to 2300.

This can lead to the user not being able to get native tokens, whether from refunds, excess gas fees or the unwrapping of wrapped native tokens.

Proof of Concept

https://consensys.net/diligence/blog/2019/09/stop-using-soliditys-transfer-now/

Tools Used

Manual audit (VS Code & my mind)

Recommended Mitigation Steps

Use a low level call instead of the transfer function to transfer native tokens to other addresses.
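The two patterns described in this finding, side by side, as an added example that is not code from the Axelar repository (the contract and function names are hypothetical):

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Constructed receiver: its receive() writes to storage, and that SSTORE
// alone costs more than the 2300 gas stipend forwarded by transfer()/send(),
// so any refund sent to it via transfer() reverts with out of gas.
contract LoggingReceiver {
    uint256 public received;

    receive() external payable {
        received += msg.value; // storage write, cannot fit in 2300 gas
    }
}

// Hypothetical refund contract showing the weak and the hardened pattern.
contract Refunder {
    bool private locked; // reentrancy guard, needed once all gas is forwarded

    // Weak: transfer() forwards a fixed 2300 gas and reverts on failure, so
    // LoggingReceiver (and many smart-contract wallets) can never be paid.
    function refundWithTransfer(address payable to, uint256 amount) external {
        to.transfer(amount);
    }

    // Hardened: a low-level call forwards all remaining gas. call() does not
    // revert on failure by itself, so the returned success flag must be checked.
    function refundWithCall(address payable to, uint256 amount) external {
        require(!locked, "reentrant call");
        locked = true;
        (bool ok, ) = to.call{value: amount}("");
        require(ok, "native token transfer failed");
        locked = false;
    }

    receive() external payable {}
}
```

Because the low-level call forwards all remaining gas, the callee can reenter the sender, so the refund path must be made reentrancy-safe (the guard above is one minimal way) and state should be updated before the value leaves the contract.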

re1ro commented 2 years ago

Duplicate of #4