A missing require may cause users to lose funds when combined with the corner case filed separately as "Failed transfer with low level call won't revert". Funds are transferred into this contract in preparation for the swap, so if the swap fails but doesn't revert, the user's funds may be lost. GenericSwapFacet.sol has no require checking that postSwapBalance is greater than 0, although the other facets do.
Proof of Concept
Alice uses the generic swap with 100 DAI.
Alice's 100 DAI are sent to the Swapper.sol contract.
The swap call _swapData.callTo.call{ value: msg.value }(_swapData.callData); fails but returns success because the target contract does not exist.
postSwapBalance = 0. Other facets would revert here.
Lines of code
https://github.com/code-423n4/2022-03-lifinance/blob/main/src/Facets/GenericSwapFacet.sol#L28-L30
Vulnerability details
Failed transfer with low level call won't revert
Tools Used
Manual review
Recommended Mitigation Steps
Add the following check:
require(postSwapBalance > 0, "ERR_INVALID_AMOUNT");
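
The sketch below is an added example, not code from GenericSwapFacet.sol or the LI.FI repository. It puts the unchecked low-level call next to a hardened form and goes slightly beyond the recommended check by also rejecting call targets that have no code. The contract name, function names, the IERC20 interface, the ERR_NOT_A_CONTRACT and ERR_CALL_FAILED strings, and the balance-delta calculation are assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.4;

// Minimal token interface (assumption: the received asset is an ERC-20).
interface IERC20 {
    function balanceOf(address account) external view returns (uint256);
}

// Hypothetical demo contract, not part of the audited code base.
contract SwapCallDemo {
    // Unchecked pattern: when `callTo` has no code, the EVM treats the call
    // as a successful no-op, so `success` is true although nothing was swapped.
    function swapUnchecked(address callTo, bytes calldata callData)
        external
        payable
        returns (bool)
    {
        (bool success, ) = callTo.call{ value: msg.value }(callData);
        require(success, "ERR_CALL_FAILED"); // passes for a nonexistent contract
        return success;
    }

    // Hardened pattern: refuse targets without code, then require that the
    // balance of the receiving token actually increased after the call.
    function swapChecked(
        address callTo,
        bytes calldata callData,
        address receivingToken
    ) external payable returns (uint256 postSwapBalance) {
        require(callTo.code.length > 0, "ERR_NOT_A_CONTRACT");

        uint256 preSwapBalance = IERC20(receivingToken).balanceOf(address(this));

        (bool success, ) = callTo.call{ value: msg.value }(callData);
        require(success, "ERR_CALL_FAILED");

        // Assumption: postSwapBalance is measured as the amount received.
        postSwapBalance =
            IERC20(receivingToken).balanceOf(address(this)) - preSwapBalance;

        // The check this report recommends: a swap that yields nothing reverts,
        // which also returns the funds the user sent in for the swap.
        require(postSwapBalance > 0, "ERR_INVALID_AMOUNT");
    }
}
```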