Assessment reportsPublic findings
Back to Zellic site
Assessment reports>Ostium>Informational findings>Using ,transfer, instead of ,call, might revert
GeneralOverview
Findings
Critical (2)
High (3)
Medium (6)
Low (6)
Informational (2)Using `transfer` instead of `call` might revertChainlink feed ID not checked in upkeep
DiscussionRemoval of trading pairs is not supportedIncorrect last updated block number for TP and SLTradeUtils used as a library for address
Threat ModelWhat are threat models?Delegatable.solOstiumOpenPnl.solOstiumTrading.solOstiumVault.sol
Audit ResultsSummary
Category: Business Logic

Using transfer instead of call might revert

Informational Severity
Informational Impact
N/A Likelihood

Description

The OstiumPriceUpKeep contract defines a function named withdrawEth that could be called by the governance to withdraw any ETH in this contract:

function withdrawEth() external onlyGov {
    uint256 amount = address(this).balance;
    if (amount == 0) {
        revert EmptyBalance();
    }
    emit EthWithdrawn(msg.sender, amount);
    payable(msg.sender).transfer(amount);
}

If the governance address is a smart contract, the transfer call could revert if

  1. The smart contract fails to implement a payable fallback function.

  2. The fallback function uses more than 2,300 gas units.

Impact

ETH might be stuck in the contract if the transfer fails.

Recommendations

We recommend using low-level call.value(amount) with the corresponding result check.

Remediation

This issue has been acknowledged by Ostium Labs, and a fix was implemented in commit f6257142.

Zellic © 2024Back to top ↑