SCWE-078: Improper Handling of Ether Transfers
Stable Version v1.0
This content is version v1.0 and still under active development, so it is subject to change at any time (e.g. structure, IDs, content, URLs).
Relationships
- CWE-703: Improper Check or Handling of Exceptional Conditions (https://cwe.mitre.org/data/definitions/703.html)
Description
Improper handling of Ether transfers in Solidity can lead to unexpected behaviour, such as failed transactions or loss of funds. For instance, when using transfer() or send(), failing to check for successful execution or to handle the exception correctly can cause Ether to be locked or lost in the contract.
Remediation
Always handle exceptions properly when transferring Ether. Check for success or failure with require() or assert() after every Ether transfer. Additionally, use call() with a specified gas limit for greater flexibility and error handling, and check the success value it returns.
Vulnerable Contract Example
```solidity
pragma solidity ^0.8.0;

contract Example {
    function transferEther(address payable _to) public payable {
        // transfer() forwards only a 2300 gas stipend and reverts (it does not
        // return false) when the recipient cannot accept the Ether, so a
        // contract recipient that needs more gas can never be paid this way;
        // the outcome is not handled and no alternative payment path exists
        _to.transfer(msg.value); // No error handling, can cause issues
    }
}
```
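A remediated version of the contract above, as an added example that is not part of the SCWE entry: every transfer path checks the result, and the pull-payment withdraw() path keeps a single failing recipient from blocking payments to others. The contract name SafeExample, the 50,000 gas figure and the noReentrant guard are assumptions chosen for the illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Remediated version of the Example contract. Each transfer path checks for
// success instead of assuming it; withdraw() uses the pull-payment pattern so
// a recipient that cannot accept Ether does not lock other users' funds.
contract SafeExample {
    mapping(address => uint256) public pendingWithdrawals;
    bool private locked; // simple reentrancy guard for the call() paths

    modifier noReentrant() {
        require(!locked, "reentrant call");
        locked = true;
        _;
        locked = false;
    }

    // Push payment with an explicit success check. call() forwards the chosen
    // gas amount and returns (bool success, bytes memory data); ignoring
    // `success` is exactly the defect this weakness describes.
    function transferEther(address payable _to) external payable noReentrant {
        (bool success, ) = _to.call{value: msg.value, gas: 50_000}("");
        require(success, "Ether transfer failed");
    }

    // send() returns false instead of reverting, so the result must be checked;
    // otherwise the Ether stays in this contract with no record of the failure.
    function sendEther(address payable _to) external payable {
        bool sent = _to.send(msg.value);
        require(sent, "send failed");
    }

    // Pull payment: credit the recipient now, let them withdraw later.
    function credit(address _to) external payable {
        pendingWithdrawals[_to] += msg.value;
    }

    // Balance is zeroed before the external call (checks-effects-interactions),
    // and the call result is checked so a failed withdrawal reverts cleanly.
    function withdraw() external noReentrant {
        uint256 amount = pendingWithdrawals[msg.sender];
        require(amount > 0, "nothing to withdraw");
        pendingWithdrawals[msg.sender] = 0;
        (bool success, ) = payable(msg.sender).call{value: amount}("");
        require(success, "withdraw failed");
    }
}
```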