Closed code423n4 closed 1 year ago
https://github.com/code-423n4/2022-12-tigris/blob/main/contracts/Trading.sol#L588
In approveProxy() there is a transfer() call to payable address (_proxy) https://github.com/code-423n4/2022-12-tigris/blob/main/contracts/Trading.sol#L588 which can fail when 1) _proxy does not implement a payable fallback or 2) _proxy does implement a payable fallback that uses >= 2300 gas.
-User calls transfer() for faulty proxy address -The call can fail if proxy does not have a payable fallback or if it uses more than 2300 gas
None
Use call() instead of transfer() for the above case.
GalloDaSballo marked the issue as duplicate of #175
GalloDaSballo marked the issue as not a duplicate
L
Duplicate of https://github.com/code-423n4/2022-12-tigris-findings/issues/607
Lines of code
https://github.com/code-423n4/2022-12-tigris/blob/main/contracts/Trading.sol#L588
Vulnerability details
Impact
In approveProxy() there is a transfer() call to payable address (_proxy) https://github.com/code-423n4/2022-12-tigris/blob/main/contracts/Trading.sol#L588 which can fail when 1) _proxy does not implement a payable fallback or 2) _proxy does implement a payable fallback that uses >= 2300 gas.
Proof of Concept
-User calls transfer() for faulty proxy address
-The call can fail if proxy does not have a payable fallback or if it uses more than 2300 gas
Tools Used
None
Recommended Mitigation Steps
Use call() instead of transfer() for the above case.