From d107428b39df79ff016690b0e7dbb3a6fa832ef6 Mon Sep 17 00:00:00 2001
From: yomarion-rf
Date: Wed, 17 Jun 2026 15:55:40 +0200
Subject: [PATCH 1/3] chore: medium vuln "Fee Address Is Using transfer"
---
 .../src/contracts/BatchConversionPayments.sol | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/packages/smart-contracts/src/contracts/BatchConversionPayments.sol b/packages/smart-contracts/src/contracts/BatchConversionPayments.sol
index a207c7b335..fccfaa55f8 100644
--- a/packages/smart-contracts/src/contracts/BatchConversionPayments.sol
+++ b/packages/smart-contracts/src/contracts/BatchConversionPayments.sol
@@ -309,7 +309,10 @@ contract BatchConversionPayments is BatchNoConversionPayments {
 }
 require(address(this).balance >= batchFeeToPay, 'Not enough funds for batch conversion fees');
- feeAddress.transfer(batchFeeToPay);
+ if (batchFeeToPay > 0) {
+ (bool feePaymentSuccess, ) = payable(feeAddress).call{value: batchFeeToPay}('');
+ require(feePaymentSuccess, 'Could not pay fees');
+ }
 // Batch contract transfers the remaining native tokens to the payer
 (bool sendBackSuccess, ) = payable(msg.sender).call{value: address(this).balance}('');
From 065ec1af7cc2ede94a2a5ef0906a0d5fc69e6e43 Mon Sep 17 00:00:00 2001
From: yomarion-rf
Date: Wed, 17 Jun 2026 16:13:09 +0200
Subject: [PATCH 2/3] same fix for batch with no conversion
---
 .../src/contracts/BatchNoConversionPayments.sol | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/packages/smart-contracts/src/contracts/BatchNoConversionPayments.sol b/packages/smart-contracts/src/contracts/BatchNoConversionPayments.sol
index 4ef0eb04e0..b44d7ae939 100644
--- a/packages/smart-contracts/src/contracts/BatchNoConversionPayments.sol
+++ b/packages/smart-contracts/src/contracts/BatchNoConversionPayments.sol
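Review bot: Replacing `transfer` with `payable(feeAddress).call{value: batchFeeToPay}('')` forwards all remaining gas to the fee recipient, so a contract at `feeAddress` can now run arbitrary code, including a call back into this contract, before the refund to `msg.sender` that follows. The enclosing function's signature and modifiers are outside the hunk, so whether it already carries a reentrancy guard cannot be confirmed from here. If it does not, add one (for example OpenZeppelin's `nonReentrant`), or state the trust assumption next to the call with a comment such as `// call forwards all gas: feeAddress must be a trusted, owner-set address`. The same point applies to the matching hunks in BatchNoConversionPayments.sol (PATCH 2/3 and PATCH 3/3).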
@@ -200,7 +200,10 @@ contract BatchNoConversionPayments is Ownable {
 // Check that batch contract has enough funds to pay batch fee
 require(address(this).balance >= amount, 'Not enough funds for batch fee');
 // Batch pays batch fee
- feeAddress.transfer(amount);
+ if (batchFeeToPay > 0) {
+ (bool feePaymentSuccess, ) = payable(feeAddress).call{value: batchFeeToPay}('');
+ require(feePaymentSuccess, 'Could not pay fees');
+ }
 // Batch contract transfers the remaining Native tokens to the payer
 if (transferBackRemainingNativeTokens && address(this).balance > 0) {
From c0616ed46b8ba4cda2ea87997794618b1b13f479 Mon Sep 17 00:00:00 2001
From: Yoann <56731761+yomarion@users.noreply.github.com>
Date: Wed, 17 Jun 2026 16:16:51 +0200
Subject: [PATCH 3/3] Update packages/smart-contracts/src/contracts/BatchNoConversionPayments.sol
Co-authored-by: greptile-apps[bot] <165735046+greptile-apps[bot]@users.noreply.github.com>
---
 .../src/contracts/BatchNoConversionPayments.sol | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/packages/smart-contracts/src/contracts/BatchNoConversionPayments.sol b/packages/smart-contracts/src/contracts/BatchNoConversionPayments.sol
index b44d7ae939..61c21e20c2 100644
--- a/packages/smart-contracts/src/contracts/BatchNoConversionPayments.sol
+++ b/packages/smart-contracts/src/contracts/BatchNoConversionPayments.sol
@@ -200,8 +200,8 @@ contract BatchNoConversionPayments is Ownable {
 // Check that batch contract has enough funds to pay batch fee
 require(address(this).balance >= amount, 'Not enough funds for batch fee');
 // Batch pays batch fee
- if (batchFeeToPay > 0) {
- (bool feePaymentSuccess, ) = payable(feeAddress).call{value: batchFeeToPay}('');
+ if (amount > 0) {
+ (bool feePaymentSuccess, ) = payable(feeAddress).call{value: amount}('');
 require(feePaymentSuccess, 'Could not pay fees');
 }
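Review bot: The existing comment `// Batch pays batch fee` above the new block in PATCH 3/3 does not say why a low-level call replaces `transfer`, or that a zero fee now skips the payment entirely. Only the subject line of PATCH 1/3 hints at the reason. A comment such as `// Use call, not transfer: the 2300-gas stipend can fail for contract fee recipients; no call is made when amount is 0` would keep the rationale next to the code. The enclosing function begins and ends outside the hunk, so its NatSpec could not be checked for the same gap.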