[Tomo-M1] Use call instead of transfer when sending ETH
Summary
Use call instead of transfer when sending ETH
Vulnerability Detail
The use of the deprecated transfer() function for an address will inevitably make the transaction fail when:
The claimer smart contract does not implement a payable function.
The claimer smart contract does implement a payable fallback which uses more than 2300 gas unit.
The claimer smart contract implements a payable fallback function that needs less than 2300 gas units but is called through proxy, raising the call's gas usage above 2300.
Additionally, using higher than 2300 gas might be mandatory for some multisig wallets.
You can see more detail about the risk of using transfer method.
Tomo
medium
[Tomo-M1] Use call instead of transfer when sending ETH
Summary
Use call instead of transfer when sending ETH
Vulnerability Detail
The use of the deprecated
transfer()
function for an address will inevitably make the transaction fail when:Additionally, using higher than 2300 gas might be mandatory for some multisig wallets.
You can see more detail about the risk of using transfer method.
https://solidity-by-example.org/sending-ether/
https://consensys.net/diligence/blog/2019/09/stop-using-soliditys-transfer-now/
Impact
Using deprecated method leads to unexpected revert for the transaction.
Code Snippet
https://github.com/sherlock-audit/2022-11-dodo/blob/main/contracts/SmartRoute/lib/UniversalERC20.sol#L22-L34
https://github.com/sherlock-audit/2022-11-dodo/blob/main/contracts/SmartRoute/DODORouteProxy.sol#L487-L492
https://github.com/sherlock-audit/2022-11-dodo/blob/main/contracts/SmartRoute/DODORouteProxy.sol#L146-L154
Tool used
Manual Review
Recommendation
Use
call()
instead oftransfer()
when transferring ETHDuplicate of #5