TokenHelper.sol#L40 : safeTransfer will revert due to insufficient gas.

Code4rena, 2022-10-traderjoe findings, issue 375. Published Oct 23, 2022 (source: github.com).

Tags: vulnerability impact, function usage, deprecated transfer function, revert due to insufficient gas, mitigation steps, eoa limitation

Lines of code

Vulnerability details

Impact

I am adding this as a high issue since most of the calls are done using safeTransfer.

TokenHelper.sol#L40 : safeTransfer will revert due to insufficient gas.

All the functions that use safeTransfer could fail due to insufficient gas.

I see that LBPair.sol uses this function for transfers.
Refer to the following lines of code:

https://github.com/code-423n4/2022-10-traderjoe/blob/79f25d48b907f9d0379dd803fc2abc9c5f57db93/src/LBPair.sol#L408
https://github.com/code-423n4/2022-10-traderjoe/blob/79f25d48b907f9d0379dd803fc2abc9c5f57db93/src/LBPair.sol#L411
https://github.com/code-423n4/2022-10-traderjoe/blob/79f25d48b907f9d0379dd803fc2abc9c5f57db93/src/LBPair.sol#L435-L436
https://github.com/code-423n4/2022-10-traderjoe/blob/79f25d48b907f9d0379dd803fc2abc9c5f57db93/src/LBPair.sol#L598
https://github.com/code-423n4/2022-10-traderjoe/blob/79f25d48b907f9d0379dd803fc2abc9c5f57db93/src/LBPair.sol#L603
https://github.com/code-423n4/2022-10-traderjoe/blob/79f25d48b907f9d0379dd803fc2abc9c5f57db93/src/LBPair.sol#L673-L674

Proof of Concept

```solidity
// TokenHelper.sol: low-level ERC20 transfer helper as cited in this finding.
// _catchTransferError is defined elsewhere in TokenHelper and reverts on a
// failed call or a false return value.
function safeTransfer(
    IERC20 token,
    address recipient,
    uint256 amount
) internal {
    if (amount != 0) {
        // Raw call with the ERC20 transfer(address,uint256) selector
        (bool success, bytes memory result) = address(token).call(
            abi.encodeWithSelector(token.transfer.selector, recipient, amount)
        );

        _catchTransferError(success, result);
    }
}
```

It is a well known issue that using the transfer function could revert due to insufficient gas. The call code uses token.transfer.selector.

The use of the deprecated transfer() function will inevitably make the call to execute() fail when:

- The receiver smart contract implements a payable fallback which uses more than 2300 gas units.
- The receiver smart contract implements a payable fallback function that needs less than 2300 gas units but is called through a proxy, raising the call's gas usage above 2300.

Moreover, using more than 2300 gas might be mandatory for some multisig wallets.

Thus, when creating a sell order, users will be limited to using an EOA or smart contracts with low gas consumption when receiving ETH.

Tools Used

VS code

Recommended Mitigation Steps

Use call for the transaction. Follow the standard procedure that most of the major protocols follow.
Consider using call() instead of transfer(), and make sure to check for reentrancy.
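The following is an added example, not code from this report or from the Trader Joe code base. It shows the ETH-send behaviour the two preceding sections describe: a recipient whose receive() does more than trivial work (here, a constructed contract that writes to storage) makes a transfer() send revert because of the fixed 2300-gas stipend, while the recommended call() pattern forwards all remaining gas and is paired with a reentrancy guard and checks-effects-interactions ordering, as the mitigation step asks. All contract and function names (Payout, StorageWritingReceiver, withdrawWithTransfer, withdrawWithCall) are assumptions made for the illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Added example (not part of the Code4rena finding or the audited repository).
// Constructed recipient whose receive() writes to storage, which costs more
// than the 2300-gas stipend that transfer() forwards, so any transfer() to it
// reverts. It also carries small helper entry points so it can act as the
// msg.sender of both withdraw variants below.
contract StorageWritingReceiver {
    uint256 public received;

    receive() external payable {
        received += msg.value; // SSTORE: far more than 2300 gas
    }

    function depositTo(Payout p) external payable {
        p.deposit{value: msg.value}();
    }

    // Expected to revert: transfer() only forwards 2300 gas to receive().
    function pullWithTransfer(Payout p, uint256 amount) external {
        p.withdrawWithTransfer(amount);
    }

    // Expected to succeed: call() forwards all remaining gas.
    function pullWithCall(Payout p, uint256 amount) external {
        p.withdrawWithCall(amount);
    }
}

contract Payout {
    mapping(address => uint256) public balances;

    // Minimal reentrancy guard (hypothetical; a real project would use a
    // library such as OpenZeppelin's ReentrancyGuard).
    uint256 private _locked = 1; // 1 = unlocked, 2 = locked

    modifier nonReentrant() {
        require(_locked == 1, "reentrant call");
        _locked = 2;
        _;
        _locked = 1;
    }

    function deposit() external payable {
        balances[msg.sender] += msg.value;
    }

    // Weak form: reverts for StorageWritingReceiver and for any wallet or
    // proxy whose receive path needs more than the 2300-gas stipend.
    function withdrawWithTransfer(uint256 amount) external {
        require(balances[msg.sender] >= amount, "insufficient balance");
        balances[msg.sender] -= amount;
        payable(msg.sender).transfer(amount);
    }

    // Recommended form: call() forwards all gas, so gas-hungry receivers work.
    // Because the recipient now controls execution, the balance is reduced
    // BEFORE the external call (checks-effects-interactions) and the guard
    // blocks re-entry into any nonReentrant function during the call.
    function withdrawWithCall(uint256 amount) external nonReentrant {
        require(balances[msg.sender] >= amount, "insufficient balance");
        balances[msg.sender] -= amount;                 // effect first
        (bool ok, ) = msg.sender.call{value: amount}(""); // interaction last
        require(ok, "ETH transfer failed");             // never ignore the result
    }
}
```

To exercise it, deploy both contracts, fund Payout through StorageWritingReceiver.depositTo, then compare pullWithTransfer (reverts) with pullWithCall (succeeds and updates the receiver's counter). The guard and the ordering of the balance update are what make forwarding full gas safe; forwarding all gas without them reopens the classic reentrancy hole that the 2300 stipend was originally meant to close.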
