code-423n4 / 2021-06-tracer-findings


use try catch #25

Open code423n4 opened 3 years ago

code423n4 commented 3 years ago

Handle

gpersoon

Vulnerability details

Impact

The function executeTrade does a low-level call to matchOrders of TracerPerpetualSwaps.sol, to be able to catch reverts.

In the newer Solidity versions it is also possible to use try / catch, which is more readable. See here: https://docs.soliditylang.org/en/latest/control-structures.html#try-catch

Proof of Concept

```solidity
// https://github.com/code-423n4/2021-06-tracer/blob/main/src/contracts/Trader.sol#L67
function executeTrade(Types.SignedLimitOrder[] memory makers, Types.SignedLimitOrder[] memory takers) external override {
    ...
    (bool success, ) = makeOrder.market.call(
        abi.encodePacked(
            ITracerPerpetualSwaps(makeOrder.market).matchOrders.selector,
            abi.encode(makeOrder, takeOrder, fillAmount)
        )
    );
```

Tools Used

Recommended Mitigation Steps

Use try catch
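
The two call styles side by side, as an added example that is not part of the original finding or of the Tracer code base. `Order`, `IMarket`, `MatchCaller` and `MatchFailed` are hypothetical, simplified stand-ins; only the `matchOrders(makeOrder, takeOrder, fillAmount)` call shape is taken from the excerpt above.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Hypothetical, simplified order type (assumption, not the project's struct).
struct Order {
    address maker;
    address market;
    uint256 price;
    uint256 amount;
}

// Hypothetical market interface; assumes matchOrders returns nothing.
interface IMarket {
    function matchOrders(Order memory makeOrder, Order memory takeOrder, uint256 fillAmount) external;
}

contract MatchCaller {
    event MatchFailed(address indexed market, bytes reason);

    // Low-level form, as in the excerpt: a revert in the callee gives success == false.
    // The EVM also reports success == true when the target address has no code,
    // so a wrong market address looks like a successful match.
    function matchLowLevel(Order memory makeOrder, Order memory takeOrder, uint256 fillAmount)
        external
        returns (bool success)
    {
        (success, ) = makeOrder.market.call(
            abi.encodePacked(IMarket.matchOrders.selector, abi.encode(makeOrder, takeOrder, fillAmount))
        );
    }

    // try/catch form: the compiler encodes the call from the interface,
    // and the catch clause receives the raw revert data for logging.
    function matchTryCatch(Order memory makeOrder, Order memory takeOrder, uint256 fillAmount)
        external
        returns (bool)
    {
        try IMarket(makeOrder.market).matchOrders(makeOrder, takeOrder, fillAmount) {
            return true;
        } catch (bytes memory reason) {
            emit MatchFailed(makeOrder.market, reason);
            return false;
        }
    }
}
```

With the try/catch form the compiler keeps its code-existence check on the target, so a call to an address with no code reverts in the caller instead of returning success. That revert happens on the caller side and is not caught by the `catch` clause.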