Originally submitted by warden horsefacts in #199, duplicate of #52.
EthPool and EthVault both use payable(address).transfer to transfer ETH.
Itβs considered a best practice to avoid this pattern for ETH transfers, since it forwards a fixed amount of gas and may revert if future gas costs change. (See the Consensys Diligence article here).
function _doTransferOut(address payable to, uint256 amount) internal override {
to.transfer(amount);
}
function _transfer(address to, uint256 amount) internal override {
payable(to).transfer(amount);
}
function _depositToTreasury(uint256 amount) internal override {
payable(addressProvider.getTreasury()).transfer(amount);
}
Consider using OpenZeppelin Address.sendValue, but take care to avoid reentrancy. Callers of these internal functions should be protected with a reentrancy guard.
The text was updated successfully, but these errors were encountered:
All reactions