LineLib.sendOutTokenOrETH function use transfer to send ether #27
Labels
2 (Med Risk): Assets not at direct risk, but function/availability of the protocol could be impacted or leak value
bug: Something isn't working
duplicate-369
satisfactory: Finding meets requirement
Lines of code
https://github.com/debtdao/Line-of-Credit/blob/audit/code4rena-2022-11-03/contracts/utils/LineLib.sol#L34-L51
Vulnerability details
Impact
The LineLib.sendOutTokenOrETH function uses `transfer` to send ether. If the receiver is not an EOA, the call can revert because it is not given enough gas.
Proof of Concept
If the payment is to be made in ether, then `transfer` is called, which provides only 2300 gas to the call. If the receiver is not an EOA, this amount may not be enough, which will cause all payments to revert, and the user will not be able to get his funds. In fact, all loan repayments will fail if all conditions are met.
Tools Used
VsCode
Recommended Mitigation Steps
Use `call` instead of `transfer`.
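The failure mode and the recommended fix, side by side, as an added example that is not the LineLib code or part of the original report. The contract names, function names and error name are hypothetical; access control and accounting are omitted to keep the focus on the send itself.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.9;

// Hypothetical non-EOA receiver (for example a contract wallet).
// Its receive() writes storage, which costs far more than the
// 2300 gas stipend that transfer() forwards.
contract StorageWritingReceiver {
    uint256 public received;

    receive() external payable {
        received += msg.value; // SLOAD + SSTORE: exceeds 2300 gas
    }
}

// Hypothetical payout contract showing both ways of sending ether.
contract PayoutExample {
    error EthSendFailed();

    // Fund the contract at deployment so the payouts can be exercised.
    constructor() payable {}

    // Before: transfer() forwards only the 2300 gas stipend and reverts
    // on failure. Paying StorageWritingReceiver through this path always
    // reverts with out-of-gas, so the receiver can never be paid.
    function payWithTransfer(address payable receiver, uint256 amount) external {
        receiver.transfer(amount);
    }

    // After: a low-level call forwards the remaining gas, so a receiver
    // with a non-trivial receive()/fallback can accept the payment.
    // The return value must be checked: call() does not revert by itself.
    function payWithCall(address payable receiver, uint256 amount) external {
        // Because all remaining gas is forwarded, the receiver can re-enter.
        // Update balances before this line (checks-effects-interactions)
        // or protect the caller with a reentrancy guard.
        (bool ok, ) = receiver.call{value: amount}("");
        if (!ok) revert EthSendFailed();
    }
}
```

With `StorageWritingReceiver` as the target, `payWithTransfer` reverts while `payWithCall` succeeds and `received` is updated.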