LineLib.sendOutTokenOrETH() may not be compatible with contract receiver because of use of transfer()
#500
Labels
2 (Med Risk)
Assets not at direct risk, but function/availability of the protocol could be impacted or leak value
bug
Something isn't working
duplicate-369
satisfactory
Finding meets requirement
Lines of code
https://github.com/debtdao/Line-of-Credit/blob/e8aa08b44f6132a5ed901f8daa231700c5afeb3a/contracts/utils/LineLib.sol#L48
Vulnerability details
Impact
LineLib.sendOutTokenOrETH() may revert when its receiver is a contract, preventing that contract from receiving ETH and thus from using much of the protocol's functionality.
Proof of Concept
In LineLib.sendOutTokenOrETH(), when ETH is to be sent the function calls payable(receiver).transfer(amount). transfer() forwards only a fixed 2300 gas stipend, which causes a receiver contract to revert if its receive()/fallback function consumes more than that on reception (for example by writing to storage), and which may break receivers that work today if opcode gas costs change in the future. See https://consensys.net/diligence/blog/2019/09/stop-using-soliditys-transfer-now/. Note the comment on the function, "Send ETH or ERC20 token from this contract to an external contract", so sending ETH to a contract is indeed the intended use.
Tools Used
Code inspection
Recommended Mitigation Steps
Use call() instead, checking the return value and protecting against reentrancy.
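The following is an added example illustrating both the proof of concept and the recommended mitigation above; it is not code from the Line-of-Credit repository. AccountingReceiver, EthSender and Demo are hypothetical stand-ins: AccountingReceiver is a receiver whose receive() writes to storage and therefore needs more than the 2300 gas stipend, EthSender shows the transfer() pattern beside the call() pattern with a checked return value and a reentrancy guard, and Demo drives both paths from one transaction. The real LineLib function signature and its ERC20 branch are not reproduced.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.16;

// Constructed example, not code from the Line-of-Credit repository.
// A receiver that does real work on ETH receipt: the SSTORE in receive()
// costs far more than the 2300 gas stipend forwarded by transfer(), so any
// payment made with transfer() to this contract reverts.
contract AccountingReceiver {
    mapping(address => uint256) public received;

    receive() external payable {
        received[msg.sender] += msg.value; // SSTORE: well above 2300 gas
    }
}

// Hypothetical stand-in for the library's ETH-sending branch, showing the
// vulnerable pattern and the recommended replacement side by side.
contract EthSender {
    error TransferFailed();

    // Minimal reentrancy guard: call() forwards all remaining gas, so the
    // receiver could call back into this contract before the send completes.
    bool private locked;
    modifier nonReentrant() {
        require(!locked, "reentrant");
        locked = true;
        _;
        locked = false;
    }

    // Vulnerable pattern: transfer() forwards a fixed 2300 gas stipend and
    // reverts if the receiver's receive()/fallback needs more than that.
    function sendWithTransfer(address receiver, uint256 amount) external nonReentrant {
        payable(receiver).transfer(amount);
    }

    // Recommended pattern: call() forwards the remaining gas, so the receiver
    // may run arbitrary logic. call() does not revert on failure, so the
    // returned success flag must be checked explicitly.
    function sendWithCall(address receiver, uint256 amount) external nonReentrant {
        (bool ok, ) = payable(receiver).call{value: amount}("");
        if (!ok) revert TransferFailed();
    }

    // Accept funding for the demo.
    receive() external payable {}
}

// Drives both paths from one transaction so the difference is observable
// without a test framework. Send some ETH along with the call to run().
contract Demo {
    AccountingReceiver public receiver = new AccountingReceiver();
    EthSender public sender = new EthSender();

    function run() external payable returns (bool transferOk, bool callOk) {
        (bool funded, ) = address(sender).call{value: msg.value}("");
        require(funded, "funding failed");
        uint256 half = msg.value / 2;

        // transfer(): the receiver's SSTORE exhausts the 2300 gas stipend,
        // the receiver reverts, and transfer() bubbles that revert up.
        try sender.sendWithTransfer(address(receiver), half) {
            transferOk = true;
        } catch {
            transferOk = false;
        }

        // call(): enough gas is forwarded for the receiver's bookkeeping.
        try sender.sendWithCall(address(receiver), half) {
            callOk = true;
        } catch {
            callOk = false;
        }
    }
}
```

Calling Demo.run() with a nonzero value returns (false, true): the transfer() path reverts against the storage-writing receiver while the call() path succeeds, and afterwards receiver.received(address(sender)) reflects the amount sent via call(). The revert inside sendWithTransfer also rolls back its nonReentrant lock, which is why the second send is not blocked by the failed first one.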