Refund overpayments?

I am using this in a contract to refund overpayments of a payable function. fees are calculated in the line above this.

if (msg.value > fees){
            uint256 excess = msg.value - fees;
            (bool success, ) = payable(msg.sender).call{value: excess}("");
            require(success, "Failed");

After an audit I got the following feedback.

The use of low-level calls is error-prone. Low-level calls do not check for code existence or call

Avoid low-level calls. Check the call success. If the call is meant for a contract, check for code

Any thought on this process for refunding the difference after a payable function.

I think it is ok to use low-level calls, as long as you know what you are doing. And when you send eth to an address like this, maybe you should notice the risk of the reentrancy.

1 Like