code-423n4 / 2021-04-basedloans-findings

0 stars 1 forks source link

requireNoError not used in a consistent way #5

Open code423n4 opened 3 years ago

code423n4 commented 3 years ago

Handle

gpersoon

Vulnerability details

Impact

Cether.sol has a function requireNoError to check for errors. This is used most of the time, however in one occasion it isn't used.

Proof of Concept

function getCashPrior() internal view returns (uint) {
    (MathError err, uint startingBalance) = subUInt(address(this).balance, msg.value);
    require(err == MathError.NO_ERROR);
    return startingBalance;
}

Tools Used

Editor

Recommended Mitigation Steps

Replace require(err == MathError.NO_ERROR); with: requireNoError(err, "getCashPrior failed");

ghoul-sol commented 3 years ago

Technically, the code works but I agree that consistency should be kept. Added to backlog.