4 matches found
Upgraded Q -> M from #454 [1670445333683]
Judge has assessed an item in Issue 454 as M risk. The relevant finding follows: L‑01 Don't use payable.transfer/payable.send The use of payable.transfer is heavily frowned upon because it can lead to the locking of funds. The transfer call requires that the recipient is either an EOA account, or...
Upgraded Q -> M from #76 [1670347574630]
Judge has assessed an item in Issue 76 as M risk. The relevant finding follows: L02 address.callvalue:x should be used instead of payable.transfer Impact The use of payable.transfer is heavily frowned upon because it can lead to the locking of funds. The transfer call requires that the recipient...
Upgraded Q -> M from 221 [1665738683985]
Judge has assessed an item in Issue 221 as Medium risk. The relevant finding follows: L‑01 Don't use payable.transfer/payable.send The use of payable.transfer is heavily frowned upon because it can lead to the locking of funds. The transfer call requires that the recipient is either an EOA accoun...
EthPool use payable.transfer with an arbitrary receiver
Lines of code Vulnerability details Impact EthPool sends out native tokens via payable.transfer call. This is unsafe as transfer has hard coded gas budget and can fail when the to is a smart contract. Such transactions will fail for smart contract users which don't fit to 2300 gas stipend transfe...