Kinetic Disclosed Report

Audit report: Kinetic Audit Contest

Hardcoded gas limit

Company
Created date: Feb 11 2025

Target

https://github.com/kinetic-market/public-money-market-contracts

Vulnerability Details

The claimEther() function lets a user withdraw the Ether rewards credited to msg.sender. It pays out with a low-level call that forwards a hardcoded 4029 gas. That is enough for an EOA or for a contract whose receive() does nothing, but not for a recipient that does real work on receipt. Even counting the 2300-gas stipend the EVM adds to every value-carrying CALL, the recipient has 6329 gas, while a single storage write to a previously untouched slot costs at least 5,000 gas and a fresh zero-to-non-zero write costs 22,100 (EIP-2929 pricing). A smart-contract wallet, vault or splitter that records incoming payments in storage therefore runs out of gas, the call returns success == false, require() reverts the whole claim, and because rewards are keyed by msg.sender they stay pending but unreachable from that address. The damage is confined to the affected recipient (the revert also undoes the bookkeeping, so no other user's funds are touched), which is why this is a low-impact finding rather than a protocol-wide DoS. It is still a real defect: it silently excludes contract accounts with non-trivial receive logic, and it bakes an assumption about opcode prices into the contract, the same kind of assumption that EIP-1884's repricing broke for contracts relying on the 2300-gas transfer() stipend. Since claimEther() already zeroes the balance before the external call (checks-effects-interactions) and is guarded by nonReentrant, the gas cap buys no reentrancy protection and can simply be removed, forwarding all available gas.


  function claimEther() external nonReentrant{
    uint256 amount = userPendingEther[msg.sender];
    require(amount > 0, "No ether to claim");

    // Effects before interaction: balance is zeroed and the claim recorded
    // before any external call, and nonReentrant guards the function.
    userPendingEther[msg.sender] = 0;
    userClaimedEther[msg.sender] = userClaimedEther[msg.sender] + amount;
    emit EtherClaimed(msg.sender, amount);

    // Transfer Ether to user
    // Hardcoded 4029 gas: a contract recipient whose receive() writes storage
    // runs out of gas here, success is false and the whole claim reverts.
    (bool success, ) = payable(msg.sender).call{value: amount, gas: 4029}("");
    require(success, "Transfer failed.");
  }

Validation steps

Assume msg.sender is a contract:

  1. The contract calls the claimEther() function.
  2. In its receive() (or fallback()) function, the contract performs an operation that costs more than the forwarded gas, for example writing the received amount to storage.
  3. The low-level call runs out of gas and returns success == false, require(success) reverts the whole claimEther() transaction, and the contract's rewards remain pending but cannot be withdrawn from that address.
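The steps above, reproduced end to end in one compilable file. This is an added example, not Kinetic's code: RewardVault mirrors only the claim logic from the report, while the contract names, the credit() funding hook, the AccountingReceiver recipient and the Demo harness are assumptions made for illustration. It goes one step beyond the report by placing the fixed claimEther() (no gas cap) next to the capped one so both paths can be exercised against the same recipient.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added example, not Kinetic's code. Contract and function names, the
// credit() funding hook and the Demo harness are assumptions made for
// illustration; only the claim logic mirrors the report's snippet.

contract RewardVault {
    mapping(address => uint256) public userPendingEther;
    mapping(address => uint256) public userClaimedEther;
    bool private locked;

    event EtherClaimed(address indexed user, uint256 amount);

    modifier nonReentrant() {
        require(!locked, "reentrant");
        locked = true;
        _;
        locked = false;
    }

    // Hypothetical funding hook: credits the sent value to `user`.
    function credit(address user) external payable {
        userPendingEther[user] += msg.value;
    }

    // As reported: 4029 gas forwarded. The EVM adds a 2300 stipend to any
    // value-carrying CALL, so the recipient actually gets 6329 gas, still
    // far short of one fresh storage write (22,100 gas under EIP-2929).
    function claimEtherCapped() external nonReentrant {
        uint256 amount = _settle();
        (bool success, ) = payable(msg.sender).call{value: amount, gas: 4029}("");
        require(success, "Transfer failed.");
    }

    // Hardened: state is settled before the call (checks-effects-interactions)
    // and the function is nonReentrant, so forwarding all gas is safe.
    function claimEther() external nonReentrant {
        uint256 amount = _settle();
        (bool success, ) = payable(msg.sender).call{value: amount}("");
        require(success, "Transfer failed.");
    }

    // Zero the balance and record the claim before any external call.
    function _settle() internal returns (uint256 amount) {
        amount = userPendingEther[msg.sender];
        require(amount > 0, "No ether to claim");
        userPendingEther[msg.sender] = 0;
        userClaimedEther[msg.sender] += amount;
        emit EtherClaimed(msg.sender, amount);
    }
}

// A recipient that does bookkeeping on receipt, as a smart-contract wallet
// or vault might. Each receipt appends to an array, i.e. writes a fresh
// storage slot (zero -> non-zero), so every claim through the capped path
// runs out of gas, not just the first one.
contract AccountingReceiver {
    RewardVault public immutable vault;
    uint256[] public history;

    constructor(RewardVault _vault) {
        vault = _vault;
    }

    receive() external payable {
        history.push(msg.value); // > 22,100 gas: exceeds the 6329 available
    }

    function claimCapped() external {
        vault.claimEtherCapped(); // reverts with "Transfer failed."
    }

    function claim() external {
        vault.claimEther(); // succeeds
    }
}

// Harness: deploy both, fund the receiver's claim, try each path.
// run() returns (false, true): the capped claim reverts, the full-gas claim pays.
contract Demo {
    function run() external payable returns (bool cappedOk, bool fullOk) {
        RewardVault vault = new RewardVault();
        AccountingReceiver receiver = new AccountingReceiver(vault);
        vault.credit{value: msg.value}(address(receiver));

        // The revert undoes _settle(), so the credit is still pending afterwards.
        try receiver.claimCapped() { cappedOk = true; } catch { cappedOk = false; }
        try receiver.claim() { fullOk = true; } catch { fullOk = false; }
    }
}
```

Deploy Demo with solc 0.8.20 or newer (or `forge create`) and call run() with a non-zero value; it returns (false, true). Calling the two claim functions from an EOA instead of AccountingReceiver succeeds on both paths, which is why the defect is easy to miss in tests that only use EOAs: the failure mode only appears with a contract recipient whose receive() does real work.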
Details

State: disclosed
Severity: None
Bounty: $143
Visibility: partially
Vulnerability: DoS with Block Gas Limit
Participants (3): company admin, author