Unchecked Low Level Calls

In Solidity, there are operations known as "external calls" that require developers to manually confirm their success. This differs from operations that automatically trigger an exception when they fail.

If an external call fails but isn't properly verified, the contract will continue executing as if the call succeeded. This can lead to unexpected and potentially exploitable behaviour in the contract.

Thus we need to explicitly check the status of the call executed.

Here, contract VulnerableBank helps in transferring either from one user to another

• The transferEther() function gets an address as input and transfers the entire amount of ether sent with the transaction to the given address using the transfer() .
• At line 5: the function does not check the return value of the transfer() function to see if the transfer succeeded.
• Due to gas constraints, the transfer of either fails at line 5
• The ether will be lost, but the function will continue executing as if the transfer succeeded
• Even after failing at line 5, instead of reverting, the function continues executing line 6 and updates totalEtherTransfers
• These kind of executions leads to unintended consequences

• Here at line 5 we get the status of the call and validate the status explicity at line 6

Here the scenario of unchecked Ether transfer is explained and shown through API

other similar variations include:

• unchecked call
• unchecked ERC20 transfer