sherlock-audit / 2024-08-saffron-finance-judging


dinkras_ - some smart contract vault users will not be able to withdraw #76

Open sherlock-admin2 opened 2 months ago

sherlock-admin2 commented 2 months ago

dinkras_

High

some smart contract vault users will not be able to withdraw

Summary

Some smart contract vault users will not be able to withdraw

Vulnerability Detail

When withdrawing ETH from Saffron's vault, transfer() is used instead of call{}(). However, in case the msg.sender is a smart contract, its fallback or receive function might cost more than 2300 gas (transfer's max gas cost). This will lead to withdraw failures and stuck ETH in the vault.

```solidity
  /// @notice withdrawal of funds for Variable side
  function withdrawAmountVariablePending() public {
    uint256 amount = variableToPendingWithdrawalAmount[msg.sender];
    variableToPendingWithdrawalAmount[msg.sender] = 0;
    payable(msg.sender).transfer(amount);    // <@
  }
```

Affected functions: LidoVault::withdrawAmountVariablePending() and LidoVault::finalizeVaultOngoingVariableWithdrawals()

https://github.com/sherlock-audit/2024-08-saffron-finance/blob/main/lido-fiv/contracts/LidoVault.sol#L653-L657
https://github.com/sherlock-audit/2024-08-saffron-finance/blob/main/lido-fiv/contracts/LidoVault.sol#L610-L613

Impact

Smart contracts with custom fallback/receive functions will revert and not receive the withdrawals, leaving funds stuck in the vault.

Code Snippet

Tool used

Manual Review

Recommendation

Use `call` instead of `transfer` for transferring ETH. Protect against reentrancy if needed after this change.
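The following is an added, self-contained illustration of the failure mode described in this report and of the recommended fix; it is not code from the Saffron repository. The vault, receiver and demo contracts (`PendingWithdrawals`, `LoggingReceiver`, `Demo`) are hypothetical stand-ins for the LidoVault functions named above: `withdrawWithTransfer` mirrors the `transfer()` pattern, `withdrawWithCall` is the hardened form using `call` with checks-effects-interactions plus a reentrancy guard, and `LoggingReceiver` is a contract whose `receive()` does a storage write, which costs more than the 2300-gas stipend `transfer()` forwards.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

/// Hypothetical pull-payment vault modelled on the pattern in the report:
/// ETH is credited to a pending balance and later pulled by the recipient.
contract PendingWithdrawals {
    mapping(address => uint256) public pending;
    bool private locked;

    modifier nonReentrant() {
        require(!locked, "reentrant");
        locked = true;
        _;
        locked = false;
    }

    /// Credit ETH to a recipient (stand-in for the vault's own accounting).
    function credit(address to) external payable {
        pending[to] += msg.value;
    }

    /// Vulnerable form: transfer() forwards only a 2300-gas stipend, so any
    /// recipient whose receive()/fallback does more than log an event reverts.
    function withdrawWithTransfer() external {
        uint256 amount = pending[msg.sender];
        pending[msg.sender] = 0;
        payable(msg.sender).transfer(amount);
    }

    /// Hardened form: zero the balance before the external call
    /// (checks-effects-interactions), forward all remaining gas with call,
    /// revert if the recipient rejects the ETH, and block reentry with a guard.
    function withdrawWithCall() external nonReentrant {
        uint256 amount = pending[msg.sender];
        require(amount > 0, "nothing pending");
        pending[msg.sender] = 0;
        (bool ok, ) = payable(msg.sender).call{value: amount}("");
        require(ok, "ETH transfer failed");
    }
}

/// Recipient whose receive() needs more than the 2300-gas stipend:
/// a cold SSTORE costs well over 2300 gas, so transfer() to it fails.
contract LoggingReceiver {
    PendingWithdrawals public vault;
    uint256 public received;

    constructor(PendingWithdrawals _vault) {
        vault = _vault;
    }

    receive() external payable {
        received += msg.value; // storage write: too expensive under transfer()
    }

    function pullWithTransfer() external {
        vault.withdrawWithTransfer(); // reverts: receive() runs out of gas
    }

    function pullWithCall() external {
        vault.withdrawWithCall(); // succeeds: call forwards all remaining gas
    }
}

/// Wires the pieces together so the two outcomes can be observed in one tx.
/// Deploy and call run() with some ETH; it returns (false, true).
contract Demo {
    function run() external payable returns (bool transferOk, bool callOk) {
        PendingWithdrawals vault = new PendingWithdrawals();
        LoggingReceiver rcv = new LoggingReceiver(vault);
        vault.credit{value: msg.value}(address(rcv));

        // transfer() path: the out-of-gas inside receive() bubbles up as a
        // revert of withdrawWithTransfer, which try/catch observes here.
        try rcv.pullWithTransfer() { transferOk = true; } catch { transferOk = false; }

        // call() path: balance already zeroed, ETH delivered, storage updated.
        try rcv.pullWithCall() { callOk = true; } catch { callOk = false; }
    }
}
```

Because the failed `transfer()` reverts the whole withdrawal, the pending balance is never cleared, so the second attempt through `withdrawWithCall` still finds the full amount. The reentrancy guard on the hardened path is what makes forwarding all gas safe: even if a malicious recipient re-entered `withdrawWithCall` from its `receive()`, its balance is already zero and the guard rejects the nested call.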