> For the complete documentation index, see [llms.txt](https://reports.immunefi.com/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://reports.immunefi.com/spectra-finance/43380-sc-low-missing-error-check-in-transfer_native-command.md). # #43380 \[SC-Low] Missing Error Check in TRANSFER\_NATIVE Command **Submitted on Apr 5th 2025 at 06:56:40 UTC by @Paludo0x for** [**Audit Comp | Spectra Finance**](https://immunefi.com/audit-competition/audit-comp-spectra-finance) * **Report ID:** #43380 * **Report Type:** Smart Contract * **Report severity:** Low * **Target:** * **Impacts:** * Contract fails to deliver promised returns, but doesn't lose value ## Description ## Vulnerability Details In the TRANSFER\_NATIVE command branch, the contract decodes the recipient and amount, then performs a native Ether transfer using the low-level call without checking the returned success flag. This can lead to silent failures in transferring funds. The low-level call to transfer native Ether (call{value: amount}) does not verify the return value (success). In Solidity, the call function returns a boolean indicating whether the call succeeded. Not checking this value can allow a situation in which the call fails (for example, if the recipient is a contract that reverts on receiving Ether) while the execution of the function continues normally. ## Impact Details If the transfer fails, the contract does not revert the transaction, leaving the system in an inconsistent state or causing funds not to be transferred as expected. An attacker might deliberately force transfers to fail by using a contract with a fallback function that always reverts. ## Proof of Concept The code snippet is as follows: ``` } else if (command == Commands.TRANSFER_NATIVE) { (address recipient, uint256 amount) = abi.decode(_inputs, (address, uint256)); (bool success, ) = payable(recipient).call{value: amount}(""); } ``` To mitigate this issue, it is important to check the return value of the call and revert the transaction if the transfer fails. The code should be modified as follows: ``` } else if (command == Commands.TRANSFER_NATIVE) { (address recipient, uint256 amount) = abi.decode(_inputs, (address, uint256)); (bool success, ) = payable(recipient).call{value: amount}(""); require(success, "Native transfer failed"); } ``` --- # Agent Instructions This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com. ## Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter, and the optional `goal` query parameter: ``` GET https://reports.immunefi.com/spectra-finance/43380-sc-low-missing-error-check-in-transfer_native-command.md?ask=&goal= ``` `ask` is the immediate question: it should be specific, self-contained, and written in natural language. `goal` is optional and describes the broader end goal you are ultimately trying to accomplish on behalf of the user. GitBook uses it to tailor the answer towards what is most useful for that goal. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.