code-423n4 / 2021-12-yetifinance-findings


Missing error messages in require statements #265

Open code423n4 opened 2 years ago

code423n4 commented 2 years ago

Handle

WatchPug

Vulnerability details

https://github.com/code-423n4/2021-12-yetifinance/blob/5f5bf61209b722ba568623d8446111b1ea5cb61c/packages/contracts/contracts/ActivePool.sol#L157-L157

require(sent);

https://github.com/code-423n4/2021-12-yetifinance/blob/5f5bf61209b722ba568623d8446111b1ea5cb61c/packages/contracts/contracts/ActivePool.sol#L166-L166

require(_tokens.length == _amounts.length);

https://github.com/code-423n4/2021-12-yetifinance/blob/5f5bf61209b722ba568623d8446111b1ea5cb61c/packages/contracts/contracts/BorrowerOperations.sol#L362-L362

require(_collsIn.length == _amountsIn.length);

https://github.com/code-423n4/2021-12-yetifinance/blob/5f5bf61209b722ba568623d8446111b1ea5cb61c/packages/contracts/contracts/TroveManager.sol#L231-L232

require(_borrowers.length == _lowerHints.length);
require(_lowerHints.length == _upperHints.length);

kingyetifinance commented 2 years ago

Duplicate #17

alcueca commented 2 years ago

Taking as main, and at the same time, I don't think that require messages do anything these days. In most cases the user should go contact support, and support should debug using Tenderly.
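
The check behind this finding can be automated. The following is an added example, not part of the original issue or the Yeti Finance code base: a small Python scanner that reports every `require(...)` call with no reason argument. The function name `bare_requires` and the last sample line are hypothetical, and the scanner assumes comments have already been stripped from the Solidity source.

```python
import re

# Constructed sample: the five require lines quoted in the report above, plus
# one hypothetical line that already carries a reason string, for contrast.
SAMPLE = '''\
require(sent);
require(_tokens.length == _amounts.length);
require(_collsIn.length == _amountsIn.length);
require(_borrowers.length == _lowerHints.length);
require(_lowerHints.length == _upperHints.length);
require(ok(a, b), "Example: reason present");
'''

def bare_requires(source):
    """Return (line_number, call_text) for each require() with one argument."""
    findings = []
    for m in re.finditer(r"\brequire\s*\(", source):
        depth, quote, commas, i = 1, None, 0, m.end()
        while i < len(source) and depth:
            ch = source[i]
            if quote:
                if ch == "\\":
                    i += 1            # skip the escaped character in a string
                elif ch == quote:
                    quote = None
            elif ch in "\"'":
                quote = ch
            elif ch in "([{":
                depth += 1
            elif ch in ")]}":
                depth -= 1
            elif ch == "," and depth == 1:
                commas += 1           # a comma at the require's own level
            i += 1
        # depth == 0 means the call was closed; no top-level comma means
        # the call has a condition only and will revert with empty data.
        if depth == 0 and commas == 0:
            line = source.count("\n", 0, m.start()) + 1
            findings.append((line, source[m.start():i]))
    return findings

if __name__ == "__main__":
    for line, call in bare_requires(SAMPLE):
        print(f"line {line}: {call} has no revert reason")
```

Commas inside nested calls or inside string literals are not counted, so a condition such as `ok(a, b)` does not hide a missing reason.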