BaseStrategyVault.redeemFromNotional() can fail if receiver has a fallback function
Summary
BaseStrategyVault.redeemFromNotional() can fail because of the use of the native ETH transfer method.
Vulnerability Detail
BaseStrategyVault.redeemFromNotional() transfers transferToReceiver to the receiver using the native transfer() function. The problem is that transfer() only allows the recipient to use 2300 gas. If the recipient uses more than that, transfers will fail. This can be the case if receiver is a smart contract wallet that performs some logic in its fallback() function - such as splitting payment to the wallet owners.
In the future gas costs might change increasing the likelihood of that happening.
joestakey
medium
BaseStrategyVault.redeemFromNotional()can fail ifreceiverhas a fallback functionSummary
BaseStrategyVault.redeemFromNotional()can fail because of the use of the native ETHtransfermethod.Vulnerability Detail
BaseStrategyVault.redeemFromNotional()transferstransferToReceiverto thereceiverusing the nativetransfer()function. The problem is thattransfer()only allows the recipient to use 2300 gas. If the recipient uses more than that, transfers will fail. This can be the case ifreceiveris a smart contract wallet that performs some logic in itsfallback()function - such as splitting payment to the wallet owners. In the future gas costs might change increasing the likelihood of that happening.Proof Of Concept
Run the test in
Transfer.t.solfrom this private gist.It tries to send ETH using a function via
transfer()to two wallets:You can see that the transfer to
wallet1fails with an out of gas error, while the transfer towallet2works properly.Code Snippet
https://github.com/sherlock-audit/2022-09-notional/blob/main/leveraged-vaults/contracts/vaults/BaseStrategyVault.sol#L181
Tool used
Manual Review, Foundry
Recommendation
Use
call()insteadDuplicate of #63