Closed code423n4 closed 2 years ago
Labeled as sponsor disputed because while provided links involve generating ABI encoded calldata that is meant to be executed on L2 via Arbitrum retryable tickets there are no actual low level calls being performed in the referenced contract itself and any execution of the calldata is handled by Arbitrum so there are no changes to be made in the referenced contract.
Agree, these low-level calls are not handled by Livepeer's contracts.
Handle
defsec
Vulnerability details
Impact
Several contract perform low-level calls to the L2LPT contracts and do not check the success value. While these calls should never fail when the contract addresses are correct, we still recommend checking the success return value of these low-level calls.
Proof of Concept
Tools Used
None
Recommended Mitigation Steps
Check the success return value of all low-level calls and revert if it's false.