code-423n4 / 2022-12-tigris-findings


Avoid using transfer() in approveProxy() #621

Closed code423n4 closed 1 year ago

code423n4 commented 1 year ago

Lines of code

https://github.com/code-423n4/2022-12-tigris/blob/main/contracts/Trading.sol#L588

Vulnerability details

Impact

In approveProxy() there is a transfer() call to a payable address (_proxy) at https://github.com/code-423n4/2022-12-tigris/blob/main/contracts/Trading.sol#L588, which can fail when 1) _proxy does not implement a payable fallback or 2) _proxy does implement a payable fallback that uses >= 2300 gas.

Proof of Concept

- User calls transfer() for a faulty proxy address
- The call can fail if the proxy does not have a payable fallback or if it uses more than 2300 gas

Tools Used

None

Recommended Mitigation Steps

Use call() instead of transfer() for the above case.
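
The two patterns from the report side by side, as an added example that is not part of the original issue and is not the Tigris Trading.sol source. All contract, function and variable names except _proxy are hypothetical, and the approval state is reduced to a single mapping.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Added example: simplified, hypothetical contracts for illustration only.

/// Receiver whose receive() writes storage, so it needs more gas than the
/// 2300 stipend that transfer() forwards.
contract StorageWritingProxy {
    uint256 public received;

    receive() external payable {
        received += msg.value; // SSTORE does not fit in the 2300 gas stipend
    }
}

/// Receiver with no receive() or payable fallback: a plain ETH send reverts.
contract NonPayableProxy {}

contract ProxyApprovalExample {
    mapping(address => address) public approvedProxy; // hypothetical state

    /// Pattern flagged in the report: transfer() forwards a fixed 2300 gas
    /// stipend and reverts on failure, so the whole approval reverts for
    /// both receiver contracts above.
    function approveWithTransfer(address _proxy) external payable {
        approvedProxy[msg.sender] = _proxy;
        payable(_proxy).transfer(msg.value);
    }

    /// Recommended pattern: a low-level call forwards the remaining gas, so
    /// StorageWritingProxy can receive ETH. NonPayableProxy still rejects it,
    /// which surfaces through the checked return value.
    function approveWithCall(address _proxy) external payable {
        // Effects before interaction: call() hands control and gas to
        // _proxy, so state is finalised first to limit reentrancy exposure.
        approvedProxy[msg.sender] = _proxy;
        (bool ok, ) = payable(_proxy).call{value: msg.value}("");
        // call() does not revert on its own; an unchecked result would
        // silently leave the ETH in this contract.
        require(ok, "ETH transfer to proxy failed");
    }
}
```

Because call() forwards all remaining gas, the recipient can execute arbitrary code, so functions that adopt it should follow checks-effects-interactions or use a reentrancy guard.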

c4-judge commented 1 year ago

GalloDaSballo marked the issue as duplicate of #175

c4-judge commented 1 year ago

GalloDaSballo marked the issue as not a duplicate

GalloDaSballo commented 1 year ago

L

c4-judge commented 1 year ago

Duplicate of https://github.com/code-423n4/2022-12-tigris-findings/issues/607