Contract HGT.sol uses transfer to send eth instead of call.
Vulnerability Detail
The contract HGT.sol uses the function transfer to send eth to the receiver. This is a problem because the receiver contract allocates only 2300 gas for the call. This can lead to out-of-gas errors if the receive function in the target contract has any code that uses more than 2300 gas.
carrotsmuggler
medium
Use
callinstead oftransferSummary
Contract
HGT.solusestransferto send eth instead ofcall.Vulnerability Detail
The contract
HGT.soluses the functiontransferto send eth to the receiver. This is a problem because the receiver contract allocates only 2300 gas for the call. This can lead to out-of-gas errors if thereceivefunction in the target contract has any code that uses more than 2300 gas.https://github.com/sherlock-audit/2023-04-hubble-exchange/blob/main/hubble-protocol/contracts/HGT.sol#L43
Impact
Unable to receive gas tokens into a smart contract.
Code Snippet
https://github.com/sherlock-audit/2023-04-hubble-exchange/blob/main/hubble-protocol/contracts/HGT.sol#L43
Tool used
Manual Review
Recommendation
Use
Address.call()pattern to send gas tokens instead.