Potential inability to work with non-EOA accounts when ETH is used as asset #448
Labels
2 (Med Risk)
Assets not at direct risk, but function/availability of the protocol could be impacted or leak value
bug
Something isn't working
duplicate-369
satisfactory
Finding meets requirement
Lines of code
https://github.com/debtdao/Line-of-Credit/blob/audit/code4rena-2022-11-03/contracts/utils/LineLib.sol#L48
Vulnerability details
Impact
Potential impossibility to work with smart contracts wallets or any kind of contract with custom logic in the fallback function.
The usage of the
transfer
function for ETH transfers is not recommended, because it reverts on failure and it only forwards a gas stipend of 2300 gas units. If the recipient is an EOA is not a problem. However, the recipient could be any sort of contract (such as multisig or a smart contract wallet) with custom logic within the fallback function that could spend more than the given gas stipend, making the call fail.Steps to reproduce
Recommended Mitigation Steps
Two alternatives:
The text was updated successfully, but these errors were encountered: