use call - not transfer - to enable Gnosis Safes #72
Motivation
2300 gas forwarded by `transfer` is not enough for Gnosis Safes' `receive` function.

Description

Using OpenZeppelin's Address library, switch to using `call`, not `transfer`, to send Ether.

Reentrancy

`fill`, `sweep`, and `withdraw`. `transfer` did not provide enough gas to reenter the sensitive functions such as `fill`.

`fillPermit2`, `initiate`/`initiatePermit2`, `enter`/`enterPermit2`, `exit`/`exitPermit2`.

Gas Cap

Previous iteration of this PR included a gas cap on ETH transfers.
Have now opted to provide un-capped gas for all ETH transfers (in tandem with reentrancy protection).

In the case of `fill` or `withdraw`, this is something to be mindful of:
- `fill`, though swappers provide the `recipient`
- `withdraw`, though exit-ers provide the `recipient`

In these cases, important to be mindful of outsized gas consumption by a smart contract `recipient`. In the case of attempted malicious gas consumption, `fill` the `Order` in question.

If there's an attempt to front-run a Filler's `fill` transaction and deploy a contract at the `recipient` address in order to try to steal gas tokens or grief the Filler, the Filler's `fill` transaction should revert due to insufficient gas. Their transaction simulation would have provided an overall gas limit for the transaction, which would run out if the recipient suddenly consumes more gas. I believe there is no way to steal Fillers' funds through this process - if the `fill` call reverts then the `initiate` transaction will also not process, the `sweep` call will revert, and the only thing lost is the gas for the reverting transactions.
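As an added illustration (not code from this PR or the project), the before/after pattern the description refers to: a `transfer`-based payout beside an `Address.sendValue`-based one guarded by `nonReentrant`, plus a constructed recipient whose `receive()` needs more than the 2300-gas stipend. Contract and function names here are invented, and the import paths assume OpenZeppelin Contracts v4.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added illustration, not the project's code. Import paths assume OpenZeppelin v4.
import "@openzeppelin/contracts/utils/Address.sol";
import "@openzeppelin/contracts/security/ReentrancyGuard.sol";

/// Before: transfer() forwards a fixed 2300-gas stipend. A recipient whose
/// receive() does more than that stipend allows (a Gnosis Safe, whose receive()
/// emits an event, or the mock below) makes the whole withdraw() revert.
contract PayoutWithTransfer {
    mapping(address => uint256) public balances;

    function deposit() external payable { balances[msg.sender] += msg.value; }

    function withdraw(uint256 amount) external {
        balances[msg.sender] -= amount;          // checked arithmetic reverts on underflow
        payable(msg.sender).transfer(amount);    // reverts for a gas-hungry receive()
    }
}

/// After: Address.sendValue forwards all remaining gas via call(). Since the
/// recipient can now run arbitrary code, the function is wrapped in nonReentrant
/// and state is updated before any value leaves (checks-effects-interactions).
contract PayoutWithCall is ReentrancyGuard {
    using Address for address payable;

    mapping(address => uint256) public balances;

    function deposit() external payable { balances[msg.sender] += msg.value; }

    function withdraw(uint256 amount) external nonReentrant {
        balances[msg.sender] -= amount;          // effects first
        payable(msg.sender).sendValue(amount);   // interaction last; bubbles up the revert on failure
    }
}

/// Constructed stand-in for a recipient whose receive() exceeds the stipend:
/// a single SSTORE costs far more than 2300 gas, so transfer() to it fails
/// while sendValue() to it succeeds (and stops at the nonReentrant guard
/// if the recipient tries to call back into withdraw()).
contract GasHungryRecipient {
    uint256 public received;
    receive() external payable { received += msg.value; }
}
```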