jeffywu
commented
3 years ago The zero return code from Compound mean success.
Open code423n4 opened 3 years ago
jeffywu
commented
3 years ago The zero return code from Compound mean success.
ghoul-sol
commented
3 years ago returning 0 in many languages means success, per sponsor comment invalid
Handle
tensors
Vulnerability details
Impact
Either confusing code or a sign flip is needed for the TokenHandler.sol to mint properly.
Proof of Concept
The code seems to imply "success" should be false if the mint works and "success" should be true if the mint fails.
https://github.com/code-423n4/2021-08-notional/blob/4b51b0de2b448e4d36809781c097c7bc373312e9/contracts/internal/balances/TokenHandler.sol#L116
Recommended Mitigation Steps
It looks like a negation is needed on this line, or a variable name change.