Status: Closed (code423n4 closed this issue 1 year ago)
berndartmueller marked the issue as unsatisfactory: Insufficient proof
Lines of code
https://github.com/code-423n4/2022-12-escher/blob/5d8be6aa0e8634fdb2f328b99076b0d05fefab73/src/minters/OpenEdition.sol#L87-L95
Vulnerability details
Impact
Unprotected call to a function sending Ether to an arbitrary address. This can be exploited by attackers.
Proof of Concept
```solidity
function finalize() public {
    Sale memory temp = sale;
    // Sale must have ended before anyone can finalize it
    require(block.number >= temp.endTime, "TOO SOON");
    // 5% of the contract balance is sent to the factory's fee receiver with .transfer()
    ISaleFactory(factory).feeReceiver().transfer(address(this).balance / 20);
    _end(temp);
}
```
Tools Used
Slither Echidna Mythx
Recommended Mitigation Steps
Use `.call()` instead of `.transfer()`. Consider using `block.number` instead of `block.timestamp`.
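The following is an added illustration of the `.transfer()` to `.call()` change recommended above; it is example code written for this page, not the Escher project's own `OpenEdition.sol`. It keeps the `finalize()` body exactly as quoted in the report and places a hardened variant next to it. `ISaleFactory`, the `Sale` struct, `_end()` and the `finalized` flag are minimal stand-ins constructed here so the file compiles on its own; the real contract's definitions are not reproduced.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.17;

// Constructed stand-in for the factory interface used by the sale contract.
interface ISaleFactory {
    function feeReceiver() external view returns (address payable);
}

contract OpenEditionFinalizeExample {
    // Constructed stand-in: only the field finalize() reads is modelled.
    struct Sale {
        uint64 endTime;
    }

    Sale public sale;
    address public factory;
    bool private finalized; // constructed for this example, not in the original

    event SaleEnded();

    constructor(address factory_, uint64 endTime_) {
        factory = factory_;
        sale.endTime = endTime_;
    }

    // Pattern quoted in the report. .transfer() forwards a fixed 2300 gas stipend
    // and reverts if the fee receiver cannot accept ETH within it, so a receiver
    // whose receive()/fallback needs more gas would make finalize() revert for everyone.
    function finalizeWithTransfer() public {
        Sale memory temp = sale;
        require(block.number >= temp.endTime, "TOO SOON");
        ISaleFactory(factory).feeReceiver().transfer(address(this).balance / 20);
        _end(temp);
    }

    // Mitigation suggested in the report: .call{value: ...}("") instead of .transfer().
    // Because .call forwards all remaining gas, the receiver can execute arbitrary
    // code, so the state change (finalized = true) is written before the external
    // call and the returned success flag is checked explicitly.
    function finalizeWithCall() public {
        Sale memory temp = sale;
        require(block.number >= temp.endTime, "TOO SOON");
        require(!finalized, "ALREADY FINALIZED");
        finalized = true;

        uint256 fee = address(this).balance / 20;
        address payable receiver = ISaleFactory(factory).feeReceiver();
        (bool ok, ) = receiver.call{value: fee}("");
        require(ok, "FEE TRANSFER FAILED");

        _end(temp);
    }

    // Constructed stand-in for the sale contract's internal _end() hook.
    function _end(Sale memory) internal {
        emit SaleEnded();
    }

    // Lets the example contract hold a balance for the fee split.
    receive() external payable {}
}
```

Deploy with a factory address whose `feeReceiver()` returns the intended recipient and an `endTime` block number; fund the contract, then call either variant after that block. The `finalized` guard is what makes the `.call()` version safe to forward full gas with, since a re-entrant call into `finalizeWithCall()` hits the `ALREADY FINALIZED` check before any second payment.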