Last updated: March 11, 2025

SCWE-078: Improper Handling of Ether Transfers

Stable Version v0.0.1

This content is in version v0.0.1 and still under active development, so it is subject to change at any time (e.g. structure, IDs, content, URLs, etc.).


Relationships

Description

Improper handling of Ether transfers in Solidity can lead to unexpected behaviors, such as failed transactions or loss of funds. For instance, when using transfer() or send(), failure to check for successful execution or not handling exceptions correctly can cause Ether to be locked or lost in the contract.

Remediation

Always handle exceptions properly when transferring Ether. Ensure that you check for success or failure using require() or assert() after Ether transfers. Additionally, use call() with a specified gas limit for greater flexibility and error handling.

Vulnerable Contract Example

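// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

contract Example {
    function transferEther(address payable _to) public payable {
        // Fails silently if transfer fails: send() returns false and the result is ignored
        _to.send(msg.value);  // No error handling, can cause issues
    }
}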

Fixed Contract Example

// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

contract Example {
    function transferEther(address payable _to) public payable {
        // Properly check for success: send() returns false on failure
        require(_to.send(msg.value), "Transfer failed");  // Using require to check for failure
    }
}
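
The Remediation section also recommends call() with a specified gas limit, which the fixed contract does not show. The following is an added example, not part of the SCWE page: it checks the call() result and goes one step further by crediting a failed transfer for later withdrawal so the Ether is not stranded. The contract names, the FORWARD_GAS value and the pendingWithdrawals mapping are assumptions chosen for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Added example, not from the SCWE page. Names and the gas value are assumptions.
contract EtherForwarder {
    // Illustrative gas limit forwarded to the recipient (assumed value).
    uint256 public constant FORWARD_GAS = 30_000;

    // Ether owed to recipients whose transfer failed; they can pull it later.
    mapping(address => uint256) public pendingWithdrawals;

    event Forwarded(address indexed to, uint256 amount);
    event ForwardFailed(address indexed to, uint256 amount);

    // Strict variant: revert the whole transaction if the recipient rejects.
    function forwardOrRevert(address payable _to) external payable {
        (bool ok, ) = _to.call{value: msg.value, gas: FORWARD_GAS}("");
        require(ok, "Transfer failed");
        emit Forwarded(_to, msg.value);
    }

    // Tolerant variant: record the failed amount instead of losing track of it.
    function forwardOrCredit(address payable _to) external payable {
        (bool ok, ) = _to.call{value: msg.value, gas: FORWARD_GAS}("");
        if (ok) {
            emit Forwarded(_to, msg.value);
        } else {
            pendingWithdrawals[_to] += msg.value;
            emit ForwardFailed(_to, msg.value);
        }
    }

    // Pull payment: the balance is cleared before the external call.
    function withdraw() external {
        uint256 amount = pendingWithdrawals[msg.sender];
        require(amount > 0, "Nothing to withdraw");
        pendingWithdrawals[msg.sender] = 0;
        (bool ok, ) = payable(msg.sender).call{value: amount}("");
        require(ok, "Withdraw failed");
    }
}

// Constructed test recipient: rejects all plain Ether transfers.
contract RejectingRecipient {
    receive() external payable {
        revert("no ether accepted");
    }
}
```

Calling forwardOrRevert with a RejectingRecipient address reverts with "Transfer failed", while forwardOrCredit succeeds and records the amount in pendingWithdrawals.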