Skip to content

[Security][Low][rescueETH] transfer() with 2300 gas stipend can permanently lock ETH #13

New issue
New issue
Closed
Closed
[Security][Low][rescueETH] transfer() with 2300 gas stipend can permanently lock ETH#13
Labels
component:soliditySolidity/Yul codefrom-auditFinding from security auditsecuritySecurity-related issuesseverity:lowLow severity findingtool:auditAgentFound by Nethermind AuditAgent
@igor53627

Description

@igor53627
igor53627
opened on Jan 3, 2026

Summary

rescueETH() uses Solidity .transfer() which forwards only 2300 gas. If owner is a smart contract with a gas-intensive receive/fallback, ETH recovery will always revert.

Audit Source

Location

src/LIQFlashYul.sol - lines 256-259

function rescueETH() external {
    require(msg.sender == owner, "NOT_OWNER");
    payable(owner).transfer(address(this).balance);
}

Impact

  • Permanent loss of ETH if owner is a contract requiring >2300 gas
  • ETH can accumulate via receive() and fallback()

Severity Justification

Low - Only affects owner, easily avoided by using an EOA owner. However, could cause permanent fund loss.

Proposed fix (Oracle, unreviewed):

Use call pattern:

function rescueETH() external {
    require(msg.sender == owner, "NOT_OWNER");
    (bool success, ) = owner.call{value: address(this).balance}("");
    require(success, "ETH_TRANSFER_FAILED");
}

Metadata

Metadata

Assignees

No one assigned

    Labels

    component:soliditySolidity/Yul codefrom-auditFinding from security auditsecuritySecurity-related issuesseverity:lowLow severity findingtool:auditAgentFound by Nethermind AuditAgent

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions