Assessment reportsPublic findings
Back to Zellic site
Assessment reports>DfynRFQ>Informational findings>msg.sender.transfer(), function usage
GeneralOverview
Findings
Low (1)
Informational (2)Renounce ownership functionTransfer function usage
DiscussionArray index boundsGas optimizationUnnecessary safeMath calls
Audit ResultsResults
Category: Business Logic

msg.sender.transfer() function usage

Informational Severity
Informational Impact
N/A Likelihood

Description

The swapTokenToNative calls the transfer function to send requested ether amount to msg.sender account.

Impact

The transfer function uses a hardcoded amount of GAS and will fail if GAS costs increase in the future.

Recommendations

Consider using msg.sender.call.value(value)("") function:

(bool success, ) = msg.sender.call.value(amounts[1].sub(feeAmount))("");
require(success, "Transfer failed.");

Remediation

This issue has been mitigated by the Router team in commit 3be1183.

Zellic © 2025Back to top ↑