Lines of code

Vulnerability details

Impact

It is recommended that the return values of ether transfers be checked, however if transfer to the hardcoded address fails, it does not revert.

Proof of Concept

        uint256 sc = uint256(uint160(0x0000000000000000000000000000000000000000));
        assembly ("memory-safe") {
            let result := call(gas(), sc, selfbalance(), 0, 0, 0, 0)
        }
    }

The return value is unchecked, even though it is cached in the function.

Tools Used

Manual Review

Recommended Mitigation Steps

Require that the result is true.
Update the function with :

   assembly ("memory-safe") {
            let result := call(gas(), sc, selfbalance(), 0, 0, 0, 0)
        }
        require(result, "Transfer FAILED");
    }

Assessed type

ETH-Transfer

The text was updated successfully, but these errors were encountered:

All reactions