Lucene search
K

5 matches found

Code423n4
Code423n4
added 2023/01/17 12:0 a.m.8 views

Deny of service in CCash.sol with "transfer" which can be unusable for smart contract calls

Lines of code Vulnerability details Impact The CCash.doTransferOut method is susceptible to denial of service. Proof of Concept The logic of the doTransferOut method in CCash is as follows: The whole user withdraw is being handled with a token.transfer call. This is unsafe as transfer has hard...

6.7AI score
Exploits0
Code423n4
Code423n4
added 2022/10/14 12:0 a.m.8 views

Upgraded Q -> M from 221 [1665738683985]

Judge has assessed an item in Issue 221 as Medium risk. The relevant finding follows: L‑01 Don't use payable.transfer/payable.send The use of payable.transfer is heavily frowned upon because it can lead to the locking of funds. The transfer call requires that the recipient is either an EOA accoun...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2022/07/14 12:0 a.m.9 views

Migration's leave and withdrawContribution use payable.transfer calls with an arbitrary receiver

Lines of code Vulnerability details Migration's leave and withdrawContribution transfer out native tokens via payableto.transfer call. This is unsafe as transfer has hard coded gas budget and can fail when msg.sender is a smart contract. Such transactions will fail for smart contract users which...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2022/06/18 12:0 a.m.9 views

Upgraded Q -> M from 44 [1655579898351]

Judge has assessed an item in Issue 44 as Medium risk. The relevant finding follows: 1. Usage of legacy ETH transfer function Risk Low Impact Contract ForgottenRunesWarriors for withdrawing ETH to vault uses send function, which has a fixed gas stipend and can fail. The reason behind this is that...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2022/01/28 12:0 a.m.14 views

OpenLevV1Lib's and LPool's doTransferOut functions call native payable.transfer, which can be unusable for smart contract calls

Handle hyh Vulnerability details Impact When OpenLev operations use a wrapped native token, the whole user withdraw is being handled with a payable.transfer call. This is unsafe as transfer has hard coded gas budget and can fail when the user is a smart contract. This way any programmatical usage...

6.9AI score
Exploits0
Rows per page
Query Builder