transfer is used on address payable

Lines of code Vulnerability details Proof of Concept The codebase makes heavy use of the deprecated transfer function of address payable. Its will inevitably make the transaction fail when: 1. The receiver smart contract does not implement a payable function. 2. The receiver smart contract does...

TokenHelper.sol#L40 : safeTransfer will revert due to insufficient gas.

Lines of code Vulnerability details Impact I am adding as high issue since most of the calling is done using the safeTransfer TokenHelper.solL40 : safeTransfer will revert due to insufficient gas. All the fuctions that are using the safeTransfer could fail due to insufficient gas. I see the...

Upgraded Q -> M from 868 [1666360678566]

Judge has assessed an item in Issue 868 as Medium risk. The relevant finding follows: Using .call instead of .transfer Currently it is using .transfer to transfer ETH payablepayAddress.transferpayAmt; Using deprecated transfer on address payable may revert in these cases: 1. The withdraw recipien...

Upgraded Q -> M from 238 [1663858577471]

Judge has assessed an item in Issue 238 as Medium risk. The relevant finding follows: 2. call should be used instead of transfer on an address payable Sometimes this kind of issue is considered as Medium risk. The use of the deprecated transfer function for an address will inevitably make the...

Usage of deprecated transfer to send ETH

Lines of code Vulnerability details Impact Transaction can revert Proof of Concept The original transfer used to send ETH uses a fixed stipend of 2300 gas. This was used to prevent reentrancy. However, this limit your protocol to interact with others contracts that need more than that to proceess...

Use of deprecated transfer function to send ETH

Lines of code Vulnerability details Appears in: Migration::leave, Migration::withdrawContribution Vulnerability details Using payableaddress.transfer has been deprecated in favor of using .callvalue:..."" as the proper way of sending ETH. Using transfer or send will make transactions fail when th...

Usage of deprecated transfer to send ETH

Lines of code Vulnerability details Vulnerability details The usage of address.send is considered a bad practice as it only uses 2300 gas and you create a high dependency of gas. It is true that this is only used in an emergency to transfer the funds to the vault, but it always a better practice ...

Usage of deprecated transfer to send ETH in VaultsCore.sol

Lines of code Vulnerability details Impact Smart contract is not robust as it depends on gas cost so it can fail in some circumstances. PoC The usage of transfer to send ETH is widely considered a bad practice as it limits the gas usage to 2300. msg.sender.transferamount; @Audit deprecated transf...

ALMOST DEPRECATED TRANSFER() IS USED TO WITHDRAW ETHER

Lines of code Vulnerability details Impact transfer function can cause withdrawal to fail Proof of Concept function withdraw address assetAddress, address to, uint256 amount public LibDiamond.enforceIsContractOwner; address sendTo = to == address0 ? msg.sender : to; uint256 assetBalance; if...