Gas Limit Manipulation Possible by 1/64 Rule
What it detects
Prior to EIP-150, only a fraction of gas was forwarded when calling another contract. Using send or transfer forwards exactly 2300 gas, which can be exploited to block logic if more gas is needed. The detector highlights such calls that rely on limited gas forwarding.
Typical symptoms
- Use of transfer to send ether
- Contract assumes recipient code cannot execute complex logic
Solidity snippet (v0.8.25)
    pragma solidity ^0.8.25;

    contract GasTrap {
        function pay(address payable to) external {
            // Only 2300 gas forwarded, recipient may revert
            to.transfer(1 ether);
        }
    }
Why it matters on EVM
Attackers can manipulate gas costs or deliberately revert to lock funds or disrupt execution when calls rely on the 2300 gas stipend.
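
A hardened counterpart to the GasTrap snippet above, added here as an example and not part of the detector's own documentation: a pull-payment design in which pay only records a credit and each recipient withdraws through a checked call. The names GasTrapFixed, credits, withdraw, NothingToWithdraw and WithdrawFailed are hypothetical.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.25;

// Added example (hypothetical contract, not the detector's or any project's code).
// Pull-payment variant of GasTrap: paying never calls into the recipient,
// so a recipient that reverts or needs more than 2300 gas cannot block the payer.
contract GasTrapFixed {
    // Ether owed to each address, claimable through withdraw().
    mapping(address => uint256) public credits;

    error NothingToWithdraw();
    error WithdrawFailed();

    // Record the credit only. No external call happens here, so this
    // function's success does not depend on the recipient's code.
    function pay(address to) external payable {
        credits[to] += msg.value;
    }

    // Each recipient pulls their own funds. A failure affects only the caller.
    function withdraw() external {
        uint256 amount = credits[msg.sender];
        if (amount == 0) revert NothingToWithdraw();

        // Effects before interaction: call forwards the remaining gas
        // (unlike transfer), so the credit is zeroed before the external
        // call to leave nothing for a reentrant withdraw() to claim.
        credits[msg.sender] = 0;

        // Check the result explicitly. On failure the revert also restores
        // the caller's credit, so the funds stay claimable.
        (bool ok, ) = payable(msg.sender).call{value: amount}("");
        if (!ok) revert WithdrawFailed();
    }
}
```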