Although `transfer()` and `send()` have been recommended as a security best practice to prevent reentrancy attacks because they only forward 2300 gas, the gas repricing of opcodes may break deployed contracts. Use `call()` instead, without hardcoded gas limits, along with the checks-effects-interactions pattern or reentrancy guards for reentrancy protection. (see here and here)
- ETH `transfer()` & `send()`
- Reentrancy Mitigations - Gas Subsidy 2300
- Reentrancy -> No Gas
- Opcode Gas Repricing -> Break Contracts
- `call()` & CEI Pattern & Reentrancy Guards
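
The contrast described above, as an added example that is not from the original page: a hypothetical `Vault` contract (all names here are assumptions) with a withdrawal that depends on the 2300 gas stipend next to one that uses `call()` with checks-effects-interactions and a minimal reentrancy guard.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Hypothetical contract written for illustration only.
contract Vault {
    mapping(address => uint256) public balances;
    bool private locked; // state for a minimal reentrancy guard

    modifier nonReentrant() {
        require(!locked, "reentrant call");
        locked = true;
        _;
        locked = false;
    }

    function deposit() external payable {
        balances[msg.sender] += msg.value;
    }

    // Fragile: transfer() forwards only the 2300 gas stipend. If the
    // recipient's receive()/fallback costs more than that (for example
    // after an opcode gas repricing), this call reverts and the funds
    // can no longer be withdrawn by that recipient.
    function withdrawWithTransfer() external {
        uint256 amount = balances[msg.sender];
        balances[msg.sender] = 0;
        payable(msg.sender).transfer(amount);
    }

    // Recommended: call() with no hardcoded gas limit. Reentrancy safety
    // comes from the ordering (CEI) and the guard, not from the stipend.
    function withdraw() external nonReentrant {
        uint256 amount = balances[msg.sender];            // checks
        require(amount > 0, "nothing to withdraw");
        balances[msg.sender] = 0;                         // effects
        (bool ok, ) = msg.sender.call{value: amount}(""); // interaction
        require(ok, "ETH transfer failed");               // call() returns false instead of reverting
    }
}
```

Unlike `transfer()`, `call()` does not revert on failure, so the returned success flag must be checked as shown.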