code-423n4 / 2022-07-ens-findings

0 stars 0 forks source link

`call()` should be used instead of `transfer()` on an address payable #112

Closed code423n4 closed 2 years ago

code423n4 commented 2 years ago

Lines of code

https://github.com/code-423n4/2022-07-ens/blob/main/contracts/ethregistrar/ETHRegistrarController.sol#L183

Vulnerability details

The use of the deprecated transfer() function for an address will inevitably make the transaction fail when:

The claimer smart contract does not implement a payable function.
The claimer smart contract does implement a payable fallback that uses more than 2300 gas unit.
The claimer smart contract implements a payable fallback function that needs less than 2300 gas units but is called through a proxy, raising the call’s gas usage above 2300. Additionally, using higher than 2300 gas might be mandatory for some multi-sig wallets.

File:  main/contracts/ethregistrar/ETHRegistrarController.sol

183:     payable(msg.sender).transfer
204:     payable(msg.sender).transfer(msg.value - price.base);
211:     payable(owner()).transfer(address(this).balance);

Recommended Mitigation Steps

I recommend using call() instead of transfer().

jefflau commented 2 years ago

Duplicate of #133