Egis-Security / CTF_Challenge

Repository containing CTF challenges from nmirchev8, deth and bOgO.

b0g0_ctf - .call() in function withdraw(uint256) with whitespace payload #31

Open Viktor-Andreev4 opened 2 months ago

Viktor-Andreev4 commented 2 months ago

Description of bug

The call function in the withdraw method includes a payload consisting of whitespace. This unintended whitespace can potentially lead to unexpected behavior during execution.

Impact

The inclusion of whitespace in the payload may cause unintended consequences or failures when interacting with the recipient's fallback function. This could result in improper handling of the Ether transfer and potentially lead to bugs or vulnerabilities.

Solution

Change (bool success, ) = msg.sender.call{value: depositRequired}(" "); to (bool success, ) = msg.sender.call{value: depositRequired}("");
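As an added illustration (not code from the repository or from the issue author), a hypothetical Vault showing the quoted line beside its fix, plus a receive-only recipient that the buggy variant cannot pay; Vault, ReceiveOnlyRecipient, deposit and withdrawBuggy are constructed for this example.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Hypothetical recipient that defines receive() only. Empty-calldata
// transfers land here; with no fallback(), non-empty calldata reverts.
contract ReceiveOnlyRecipient {
    uint256 public received;

    receive() external payable {
        received += msg.value;
    }
}

// Minimal vault reconstructed around the single line quoted in the issue;
// everything except that line is constructed for this example.
contract Vault {
    uint256 public constant depositRequired = 1 ether;
    mapping(address => uint256) public deposits;

    function deposit() external payable {
        require(msg.value == depositRequired, "wrong amount");
        deposits[msg.sender] += msg.value;
    }

    // Buggy variant: " " is one byte (0x20), so the low-level call carries
    // non-empty calldata and the EVM selects the recipient's fallback(),
    // not receive(). Against ReceiveOnlyRecipient the call fails and the
    // whole withdrawal reverts, so that depositor cannot get funds out.
    function withdrawBuggy() external {
        require(deposits[msg.sender] >= depositRequired, "no deposit");
        deposits[msg.sender] -= depositRequired;
        (bool success, ) = msg.sender.call{value: depositRequired}(" ");
        require(success, "transfer failed");
    }

    // Fixed variant: empty calldata selects receive(), so a receive-only
    // recipient is paid as intended.
    function withdraw() external {
        require(deposits[msg.sender] >= depositRequired, "no deposit");
        deposits[msg.sender] -= depositRequired;
        (bool success, ) = msg.sender.call{value: depositRequired}("");
        require(success, "transfer failed");
    }
}
```

Deploy both contracts, have ReceiveOnlyRecipient deposit 1 ether into Vault, and compare withdrawBuggy() (reverts) with withdraw() (succeeds) to see the dispatch difference directly.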

BogoCvetkov commented 2 months ago

Valid! But another auditor submitted first -> https://github.com/Egis-Security/CTF_Challenge/issues/30