The function requireNoError of Cether.sol contains 2 checks on errCode == uint(Error.NO_ERROR).
After the first check it returns. After this errCode == uint(Error.NO_ERROR) will never be true, so doesn't have to be checked.
Proof of Concept
function requireNoError(uint errCode, string memory message) internal pure {
if (errCode == uint(Error.NO_ERROR)) {
return;
}
...
require(errCode == uint(Error.NO_ERROR), string(fullMessage));
Tools Used
Editor
Recommended Mitigation Steps
Replace require(errCode == uint(Error.NO_ERROR), string(fullMessage));
with require(false, string(fullMessage));
Note: Solidity 8.4 has new error handling functionality which could replace the logic of requireNoError
Handle
gpersoon
Vulnerability details
Impact
The function requireNoError of Cether.sol contains 2 checks on errCode == uint(Error.NO_ERROR). After the first check it returns. After this errCode == uint(Error.NO_ERROR) will never be true, so doesn't have to be checked.
Proof of Concept
function requireNoError(uint errCode, string memory message) internal pure { if (errCode == uint(Error.NO_ERROR)) { return; } ... require(errCode == uint(Error.NO_ERROR), string(fullMessage));
Tools Used
Editor
Recommended Mitigation Steps
Replace require(errCode == uint(Error.NO_ERROR), string(fullMessage)); with require(false, string(fullMessage));
Note: Solidity 8.4 has new error handling functionality which could replace the logic of requireNoError