Contract HGT.sol uses transfer to send eth instead of call.
Vulnerability Detail
The contract HGT.sol uses the function transfer to send eth to the receiver. This is a problem because the receiver contract allocates only 2300 gas for the call. This can lead to out-of-gas errors if the receive function in the target contract has any code that uses more than 2300 gas.
carrotsmuggler
medium
Use
call
instead oftransfer
Summary
Contract
HGT.sol
usestransfer
to send eth instead ofcall
.Vulnerability Detail
The contract
HGT.sol
uses the functiontransfer
to send eth to the receiver. This is a problem because the receiver contract allocates only 2300 gas for the call. This can lead to out-of-gas errors if thereceive
function in the target contract has any code that uses more than 2300 gas.https://github.com/sherlock-audit/2023-04-hubble-exchange/blob/main/hubble-protocol/contracts/HGT.sol#L43
Impact
Unable to receive gas tokens into a smart contract.
Code Snippet
https://github.com/sherlock-audit/2023-04-hubble-exchange/blob/main/hubble-protocol/contracts/HGT.sol#L43
Tool used
Manual Review
Recommendation
Use
Address.call()
pattern to send gas tokens instead.