I am using this in a contract to refund overpayments of a payable function. Fees are calculated in the line above this.
    if (msg.value > fees) {
        uint256 excess = msg.value - fees;
        (bool success, ) = payable(msg.sender).call{value: excess}("");
        require(success, "Failed");
    }
After an audit I got the following feedback.
Description
The use of low-level calls is error-prone. Low-level calls do not check for code existence or call success.
Recommendation
Avoid low-level calls. Check the call success. If the call is meant for a contract, check for code existence.
Any thoughts on this process for refunding the difference after a payable function?
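
One way to structure such a refund with the audit points in mind, as an added example that is not the poster's contract or the auditor's code: state is finalized before the external call, the call result is checked, and a refund the recipient rejects is credited for later withdrawal instead of reverting. The contract name, the fixed `FEE`, `purchases`, `credits` and `withdrawCredit` are hypothetical, and the credit fallback is a design choice, not something the audit asked for.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added example; all names here are hypothetical.
contract RefundingSale {
    uint256 public constant FEE = 0.01 ether; // assumed fixed fee; the post computes `fees` elsewhere
    mapping(address => uint256) public purchases;
    mapping(address => uint256) public credits; // refunds that could not be pushed

    error InsufficientPayment(uint256 sent, uint256 required);
    error NothingToWithdraw();
    error WithdrawFailed();

    event Refunded(address indexed to, uint256 amount);
    event RefundCredited(address indexed to, uint256 amount);

    function purchase() external payable {
        uint256 fees = FEE;
        if (msg.value < fees) revert InsufficientPayment(msg.value, fees);

        // Effects first: all state is final before any ether leaves the contract,
        // so a re-entrant call from the recipient sees consistent state.
        purchases[msg.sender] += 1;

        if (msg.value > fees) {
            uint256 excess = msg.value - fees;
            // Interaction last. A plain value transfer to an address without code
            // succeeds, so only the returned success flag needs checking here.
            (bool success, ) = payable(msg.sender).call{value: excess}("");
            if (success) {
                emit Refunded(msg.sender, excess);
            } else {
                // Recipient rejected the ether: record it for later withdrawal.
                credits[msg.sender] += excess;
                emit RefundCredited(msg.sender, excess);
            }
        }
    }

    function withdrawCredit() external {
        uint256 amount = credits[msg.sender];
        if (amount == 0) revert NothingToWithdraw();
        credits[msg.sender] = 0; // zero the balance before sending
        (bool success, ) = payable(msg.sender).call{value: amount}("");
        if (!success) revert WithdrawFailed();
    }
}
```

The code-existence check in the recommendation matters when the call is expected to execute a function on the target; in that case `target.code.length > 0` can be required before the call.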