ghoul-sol
commented
3 years ago It's added to our backlog. Thanks!
Open code423n4 opened 3 years ago
ghoul-sol
commented
3 years ago It's added to our backlog. Thanks!
Handle
gpersoon
Vulnerability details
Impact
The function requireNoError of Cether.sol contains 2 checks on errCode == uint(Error.NO_ERROR). After the first check it returns. After this errCode == uint(Error.NO_ERROR) will never be true, so doesn't have to be checked.
Proof of Concept
function requireNoError(uint errCode, string memory message) internal pure { if (errCode == uint(Error.NO_ERROR)) { return; } ... require(errCode == uint(Error.NO_ERROR), string(fullMessage));
Tools Used
Editor
Recommended Mitigation Steps
Replace require(errCode == uint(Error.NO_ERROR), string(fullMessage)); with require(false, string(fullMessage));
Note: Solidity 8.4 has new error handling functionality which could replace the logic of requireNoError