The use of the deprecated transfer() function for an address will inevitably make the transaction fail when:
The claimer smart contract does not implement a payable function.
The claimer smart contract does implement a payable fallback that uses more than 2300 gas units.
The claimer smart contract implements a payable fallback function that needs less than 2300 gas units but is called through a proxy, raising the call’s gas usage above 2300.
Additionally, using more than 2300 gas might be mandatory for some multi-sig wallets.
Lines of code
https://github.com/code-423n4/2022-07-ens/blob/main/contracts/ethregistrar/ETHRegistrarController.sol#L183
Vulnerability details
The use of the deprecated transfer() function for an address will inevitably make the transaction fail when:
Recommended Mitigation Steps
I recommend using call() instead of transfer().
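The failure case and the recommended fix side by side, as an added example that is not code from the ENS repository or from the original report. The contract names `StorageWritingReceiver` and `Payout`, the error names and both function names are hypothetical.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.4;

// Hypothetical recipient: its receive() writes storage, which needs more
// gas than the 2300 stipend that transfer() forwards.
contract StorageWritingReceiver {
    uint256 public deposits;

    receive() external payable {
        deposits += 1; // SSTORE cannot run inside the 2300 gas stipend
    }
}

// Hypothetical payout contract illustrating the pattern in the finding.
contract Payout {
    address public immutable owner;

    error NotOwner();
    error EtherTransferFailed();

    constructor(address owner_) payable {
        owner = owner_;
    }

    modifier onlyOwner() {
        if (msg.sender != owner) revert NotOwner();
        _;
    }

    // Before: transfer() forwards a fixed 2300 gas, so this reverts when
    // `to` is a StorageWritingReceiver, and the funds stay locked for it.
    function withdrawWithTransfer(address payable to) external onlyOwner {
        to.transfer(address(this).balance);
    }

    // After: call() forwards the remaining gas. The return value must be
    // checked, because a failed call does not revert on its own.
    // call() also lets the recipient re-enter; here that is harmless
    // because access is owner-only and no state is updated after the call.
    // Where state is updated, do it before the call or add a reentrancy guard.
    function withdrawWithCall(address payable to) external onlyOwner {
        (bool ok, ) = to.call{value: address(this).balance}("");
        if (!ok) revert EtherTransferFailed();
    }
}
```

Deploying `Payout` with a balance and calling each function with a `StorageWritingReceiver` address shows the difference: `withdrawWithTransfer` reverts, `withdrawWithCall` succeeds.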