c-plus-plus-equals-c-plus-one
commented
1 month ago Issues only outlining a recommendation and that don't point out the outcoming impacts are considered invalid, as per Sherlock docs.
Open sherlock-admin2 opened 1 month ago
c-plus-plus-equals-c-plus-one
commented
1 month ago Issues only outlining a recommendation and that don't point out the outcoming impacts are considered invalid, as per Sherlock docs.
bareli
Medium
Send ether with call instead of transfer
Summary
Use call instead of transfer to send ether. And return value must be checked if sending ether is successful or not. Sending ether with the transfer is no longer recommended.
Vulnerability Detail
function withdrawAmountVariablePending() public { uint256 amount = variableToPendingWithdrawalAmount[msg.sender]; variableToPendingWithdrawalAmount[msg.sender] = 0; @>> payable(msg.sender).transfer(amount); }
Impact
Code Snippet
https://github.com/sherlock-audit/2024-08-saffron-finance/blob/main/lido-fiv/contracts/LidoVault.sol#L656
Tool used
Manual Review
Recommendation
use call instead of transfer.