BaseStrategyVault.redeemFromNotional() can fail if receiver has a fallback function
Summary
BaseStrategyVault.redeemFromNotional() can fail because of the use of the native ETH transfer method.
Vulnerability Detail
BaseStrategyVault.redeemFromNotional() transfers transferToReceiver to the receiver using the native transfer() function. The problem is that transfer() only allows the recipient to use 2300 gas. If the recipient uses more than that, transfers will fail. This can be the case if receiver is a smart contract wallet that performs some logic in its fallback() function - such as splitting payment to the wallet owners.
Gas costs might also change in the future, increasing the likelihood of that happening.
joestakey
medium
Proof Of Concept
Run the test in Transfer.t.sol from this private gist.
It tries to send ETH using a function via transfer() to two wallets:
You can see that the transfer to wallet1 fails with an out of gas error, while the transfer to wallet2 works properly.
Code Snippet
https://github.com/sherlock-audit/2022-09-notional/blob/main/leveraged-vaults/contracts/vaults/BaseStrategyVault.sol#L181
Tool used
Manual Review, Foundry
Recommendation
Use call() instead.
Duplicate of #63
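The failure mode and the recommended fix side by side, as an added Solidity example that is not taken from the Notional code base or from the original report. SplitterWallet, Payout, payWithTransfer, payWithCall and EthTransferFailed are hypothetical names chosen for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.17;

// Hypothetical receiver: a wallet that splits every incoming payment between
// two owners. The two forwarding calls cost far more than the 2300 gas stipend.
contract SplitterWallet {
    address payable public immutable ownerA;
    address payable public immutable ownerB;

    constructor(address payable a, address payable b) {
        ownerA = a;
        ownerB = b;
    }

    receive() external payable {
        uint256 half = msg.value / 2;
        (bool okA, ) = ownerA.call{value: half}("");
        (bool okB, ) = ownerB.call{value: msg.value - half}("");
        require(okA && okB, "split failed");
    }
}

// Hypothetical sender showing both payout styles (demo only, no access control).
contract Payout {
    error EthTransferFailed(address receiver, uint256 amount);

    receive() external payable {}

    // Pattern from the finding: transfer() forwards a fixed 2300 gas stipend,
    // so this reverts when `receiver` is a SplitterWallet.
    function payWithTransfer(address payable receiver, uint256 amount) external {
        receiver.transfer(amount);
    }

    // Recommended pattern: call() forwards the remaining gas and returns a
    // success flag that must be checked. Because the receiver can now run
    // arbitrary code, update state before this call or use a reentrancy guard.
    function payWithCall(address payable receiver, uint256 amount) external {
        (bool ok, ) = receiver.call{value: amount}("");
        if (!ok) revert EthTransferFailed(receiver, amount);
    }
}
```

Funding Payout and calling payWithTransfer with a SplitterWallet address reverts, while payWithCall with the same arguments succeeds and both owners receive their share.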