USE OF .TRANSFER() MAY REVERT #102
Labels
2 (Med Risk)
Assets not at direct risk, but function/availability of the protocol could be impacted or leak value
bug
Something isn't working
duplicate-369
partial-50
Comments
code423n4
added
2 (Med Risk)
|
dmvt marked the issue as duplicate of #14 |
|
dmvt marked the issue as partial-50 |
|
liveactionllama marked the issue as duplicate of #369 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Lines of code
https://github.com/debtdao/Line-of-Credit/blob/e8aa08b44f6132a5ed901f8daa231700c5afeb3a/contracts/utils/LineLib.sol#L48
Vulnerability details
Impact
transfer() uses a fixed amount of gas, which can result in revert.
transfer() uses a fixed amount of gas, which was used to prevent reentrancy. However this limit your protocol to interact with others contracts that need more than that to process the transaction.
Proof of Concept
https://github.com/debtdao/Line-of-Credit/blob/e8aa08b44f6132a5ed901f8daa231700c5afeb3a/contracts/utils/LineLib.sol#L48
Tools Used
Manuel review
Recommended Mitigation Steps
Consider using .call() instead with the checks-effects-interactions pattern implemented correctly. Careful consideration needs to be made to prevent reentrancy.
The text was updated successfully, but these errors were encountered: