search

sherlock-audit / 2024-02-rio-network-core-protocol-judging

4 stars 4 forks source link

MatricksDeCoder - Hardcoded gas #390

Closed sherlock-admin2 closed 8 months ago

sherlock-admin2 commented 8 months ago

MatricksDeCoder

medium

Hardcoded gas

Summary

Avoid hardcoding of gas allowance in ETH transfers, low level function calls etc

Vulnerability Detail

Gas sent for trasnferETH in Asset.sol is hardcoded https://github.com/sherlock-audit/2024-02-rio-network-core-protocol/blob/4f01e065c1ed346875cf5b05d2b43e0bcdb4c849/rio-sherlock-audit/contracts/utils/Asset.sol#L42

Impact

Hardcoding gas can lead to functions reverting, sending of ETH failing, contracts failing to do any other mechanisms when receiving the ETH due to gas limit. Gas on Ethereum and OPCODES is always changing so there is no telling that a figure or 10_000 may still be ideal in the future

Code Snippet

function transferETH(address recipient, uint256 amount) internal {
        (bool success,) = recipient.call{value: amount, gas: 10_000}('');
        if (!success) {
            revert ETH_TRANSFER_FAILED();
        }
    }

Tool used

Manual Review

Recommendation

Never recommended to hardcode gas rather ensure functions and processes affected and connected have sufficient reentrancy protection 


(bool success,) = recipient.call{value: amount}('');

Duplicate of #185