Skip to main content

Non payable transferred value

Description

Exploit Scenario

Consider the following function.

    #[ink(message)]
    pub fn something(&self) -> bool {
        self.env().transferred_value() > 0
    }

This function is not payable as it does not have the #[ink(payable)] attribute, but it checks for self.env().transferred_value() and it will always evaluate to 0 if the function is not payable.

Remediation

Make the function payable if you want to check the transferred value.

    #[ink(message, payable)]
    pub fn something(&self) -> bool {
        self.env().transferred_value() > 0
    }