sherlock-audit / 2024-02-perennial-v2-3-judging

4b - In `MultiInvoker.sol::invoke` transfer will not be compatible with some wallets #28

Closed sherlock-admin4 closed 5 months ago

sherlock-admin4 commented 5 months ago

4b

medium

In MultiInvoker.sol::invoke transfer will not be compatible with some wallets

Summary

The transfer function used in invoke won't be compatible with multi-sig wallets and smart contract wallets.

Vulnerability Detail

In the last line of invoke we can see that the remaining balance of the contract is being sent to msg.sender with transfer. This is a concern because some wallets, like a multi-sig wallet, use more than 2300 gas, so transfer won't work on those wallets, leading to a revert.

Impact

The transfer will revert whenever sending to any wallet that consumes more than 2300 gas.

Code Snippet

    function invoke(Invocation[] calldata invocations) external payable {

        ...

        // Eth must not remain in this contract at rest
        payable(msg.sender).transfer(address(this).balance); // @-->
    }

Tool used

Manual Review

Recommendation

Another method that takes into consideration all the types of wallet should be used.

Duplicate of #7
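An added example, not part of the original issue or the Perennial code base: the refund pattern from the snippet above next to a `call`-based refund, with a recipient whose `receive()` needs more than the 2300 gas that `transfer` forwards. The contract and function names (`StorageWritingWallet`, `RefundDemo`, `refundWithTransfer`, `refundWithCall`, `RefundFailed`) are hypothetical.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.4;

// Hypothetical recipient: a contract wallet whose receive() writes to storage.
// An SSTORE cannot execute within the 2300 gas stipend that transfer() forwards.
contract StorageWritingWallet {
    uint256 public deposits;

    receive() external payable {
        deposits += 1; // storage write: needs more gas than the stipend allows
    }

    // Calls the demo contract so that this wallet is msg.sender there.
    function run(RefundDemo demo, bool useCall) external payable {
        if (useCall) {
            demo.refundWithCall{value: msg.value}();
        } else {
            demo.refundWithTransfer{value: msg.value}();
        }
    }
}

// Hypothetical contract isolating the refund step of the reported function.
contract RefundDemo {
    error RefundFailed();

    // Same pattern as the flagged line: forwards only 2300 gas, so the whole
    // transaction reverts when msg.sender is StorageWritingWallet.
    function refundWithTransfer() external payable {
        payable(msg.sender).transfer(address(this).balance);
    }

    // Forwards the remaining gas and checks the result explicitly.
    // The recipient now has enough gas to call back into this contract, so
    // keep the refund as the last statement or add a reentrancy guard.
    function refundWithCall() external payable {
        (bool ok, ) = payable(msg.sender).call{value: address(this).balance}("");
        if (!ok) revert RefundFailed();
    }
}
```

Calling `run(demo, false)` on the wallet reverts, while `run(demo, true)` completes and increments `deposits`.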

sherlock-admin4 commented 5 months ago

2 comment(s) were left on this issue during the judging contest.

panprog commented:

invalid by sherlock rules

takarez commented:

invalid