code-423n4 / 2021-10-ambire-findings


lack of require message #53

Open code423n4 opened 2 years ago

code423n4 commented 2 years ago

Handle

JMukesh

Vulnerability details

Impact

Require messages give an idea of what the cause of the failure was, so it's best practice to add a message in require().

Proof of Concept

https://github.com/code-423n4/2021-10-ambire/blob/bc01af4df3f70d1629c4e22a72c19e6a814db70d/contracts/wallet/Zapper.sol#L218

Tools Used

Manual review

Recommended Mitigation Steps

Add a message in require().

Ivshti commented 2 years ago

fixed in https://github.com/AmbireTech/adex-protocol-eth/commit/0a5b1032d7edc22010b56a4ac54cddd7751b47b2

GalloDaSballo commented 2 years ago

The sponsor has mitigated. I would go either way, as require messages do increase bytecode. Something to look into are brownie revert dev comments.

That said, the sponsor has implemented the suggestion, so the finding is valid.
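A check for the pattern this finding reports, as an added example that is not part of the thread or of the Ambire code base: it scans Solidity source for `require()` calls that carry no second argument. The function names and the `SAMPLE` contract are constructed for illustration.

```python
import re

# Comments and string literals, matched left to right so that a "//" inside
# a string or a quote inside a comment is not misread.
TOKEN = re.compile(
    r'//[^\n]*|/\*.*?\*/|"(?:\\.|[^"\\\n])*"|\'(?:\\.|[^\'\\\n])*\'', re.S)

def mask(src):
    """Blank comments and string bodies, preserving length and newlines."""
    def blank(m):
        t = m.group(0)
        if t[0] in "\"'":
            return t[0] + "x" * (len(t) - 2) + t[-1]
        return re.sub(r"[^\n]", " ", t)
    return TOKEN.sub(blank, src)

def requires_without_message(src):
    """Return (line, call text) for each require() with a single argument."""
    masked, hits = mask(src), []
    for m in re.finditer(r"\brequire\s*\(", masked):
        depth, commas, i = 1, 0, m.end()
        while i < len(masked) and depth:
            c = masked[i]
            if c in "([{":
                depth += 1
            elif c in ")]}":
                depth -= 1
            elif c == "," and depth == 1:   # argument separator of require itself
                commas += 1
            i += 1
        if depth == 0 and commas == 0:
            hits.append((src.count("\n", 0, m.start()) + 1, src[m.start():i]))
    return hits

# Constructed sample contract (not the Zapper.sol source).
SAMPLE = '''\
contract Demo {
    function a(uint x, address to) external {
        require(x > 0);
        require(to != address(0), "ZERO_ADDR");
        require(ok(x, 1));
        // require(false);
        require(x < 10, "a,b)");
        require(
            x != 5
        );
    }
}
'''

if __name__ == "__main__":
    for line, call in requires_without_message(SAMPLE):
        print(f"line {line}: {' '.join(call.split())}")
```
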