Open
Description
Lines of code
Vulnerability details
The value of msg.value in a transaction's call never gets updated, even if the called contract ends up sending some or all of the Eth to another contract. This means that using msg.value in a for- or while-loop, without extra accounting logic, will either lead to the transaction reverting (when there are no longer sufficient funds for later iterations), or to the contract being drained (when the contract itself has an Eth balance)
File: contracts/TapiocaWrapper.sol
140 for (uint256 i = 0; i < _call.length; i++) {
141 (success, results[i]) = payable(_call[i].toft).call{
142 value: msg.value
143 }(_call[i].bytecode);
144 if (_call[i].revertOnFailure && !success) {
145 revert TapiocaWrapper__TOFTExecutionFailed(results[i]);
146 }
147: }
Assessed type
other