code-423n4 / 2022-01-sandclock-findings


Non-informative error messages in require() #114

Closed code423n4 closed 2 years ago

code423n4 commented 2 years ago

Handle

palina

Vulnerability details

Impact

Some of the error messages specified in require() are not informative (e.g., "Vault: token id is not a withdraw", "insufficient"). In Depositors, the error message points to the Claimers instead of Depositors.

Proof of Concept

https://github.com/code-423n4/2022-01-sandclock/blob/a90ad3824955327597be00bb0bd183a9c228a4fb/sandclock/contracts/vault/Depositors.sol#L30

https://github.com/code-423n4/2022-01-sandclock/blob/a90ad3824955327597be00bb0bd183a9c228a4fb/sandclock/contracts/strategy/BaseStrategy.sol#L165

https://github.com/code-423n4/2022-01-sandclock/blob/a90ad3824955327597be00bb0bd183a9c228a4fb/sandclock/contracts/strategy/BaseStrategy.sol#L166

Tools Used

Manual Analysis

Recommended Mitigation Steps

Make sure that error messages are informative and factual.

naps62 commented 2 years ago

The messages were kept short for optimization reasons. They are enough for the purposes they serve, and should not appear under regular use of the contracts.

dmvt commented 2 years ago

duplicate of #72
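The finding asks for informative messages and the sponsor's reply defends the short strings on gas grounds. Both goals can be met at once with custom errors (Solidity 0.8.4 and later), which revert with a 4-byte selector plus ABI-encoded parameters and so cost less than even a short revert string while carrying the exact id, caller and balances that went wrong. The contracts below are an added illustration written for this page, not Sandclock's code: the `VaultStringErrors` / `VaultCustomErrors` names, the `depositOwner` / `depositAmount` mappings and the error names are all hypothetical.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.4;

// Added illustration, not Sandclock code. Both contracts model a minimal vault
// that gates withdrawals on a deposit id; only the revert style differs.

// Style 1: the pattern the finding criticises. The strings are short to save
// gas and say nothing about which id, which caller or which balance was rejected.
contract VaultStringErrors {
    uint256 public nextId;
    mapping(uint256 => address) public depositOwner;
    mapping(uint256 => uint256) public depositAmount;

    function deposit() external payable returns (uint256 id) {
        id = nextId++;
        depositOwner[id] = msg.sender;
        depositAmount[id] = msg.value;
    }

    function withdraw(uint256 id, uint256 amount) external {
        // Revert data: Error(string) selector + offset + length + padded string,
        // i.e. at least 100 bytes for any non-empty message.
        require(depositOwner[id] == msg.sender, "Vault: not owner");
        require(depositAmount[id] >= amount, "insufficient");
        depositAmount[id] -= amount;
        payable(msg.sender).transfer(amount);
    }
}

// Style 2: custom errors. Revert data is the 4-byte error selector plus 32 bytes
// per parameter, so the cheap path and the informative path are the same path.
contract VaultCustomErrors {
    error NotDepositOwner(uint256 id, address owner, address caller);
    error InsufficientDeposit(uint256 id, uint256 available, uint256 requested);

    uint256 public nextId;
    mapping(uint256 => address) public depositOwner;
    mapping(uint256 => uint256) public depositAmount;

    function deposit() external payable returns (uint256 id) {
        id = nextId++;
        depositOwner[id] = msg.sender;
        depositAmount[id] = msg.value;
    }

    function withdraw(uint256 id, uint256 amount) external {
        address owner = depositOwner[id];
        if (owner != msg.sender) revert NotDepositOwner(id, owner, msg.sender);

        uint256 available = depositAmount[id];
        if (available < amount) revert InsufficientDeposit(id, available, amount);

        depositAmount[id] = available - amount;
        payable(msg.sender).transfer(amount);
    }
}
```

A reverted `withdraw(7, 1 ether)` against the first contract reports only `"insufficient"`; against the second it reports `InsufficientDeposit(7, <available>, 1000000000000000000)`, which is what an incident responder or a monitoring system needs to reconstruct the call without replaying it. Since the error signature is in the ABI, block explorers and client libraries decode it automatically, and the error name also fixes the Depositors/Claimers copy-paste slip the finding points to, because the name is tied to the contract that declares it rather than typed into a string.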