code-423n4 / 2022-01-xdefi-findings

0 stars 0 forks source link

Wrong revert message #171

Open code423n4 opened 2 years ago

code423n4 commented 2 years ago

Handle

Czar102

Vulnerability details

Impact

Wrong revert messages might lead to confusion.

Proof of Concept

In line 52 of XDEFIDistribution, the reason for a fail of a reentrant call is "LOCKED". In DeFi, it usually means that contract's functionality is temporarily limited. This is not true in this case.

Recommended Mitigation Steps

Consider changing the revert string to "REENTRY_NOT_ALLOWED".

deluca-mike commented 2 years ago

Valid point. We are going to use if-reverts with custom error messages, and therefore it will be error NoReentering();

deluca-mike commented 2 years ago

This was done in release candidate contract via custom error messages. For this specific case, the custom error message is defined here and thrown here.