search

code-423n4 / 2022-04-dualityfocus-findings

1 stars 0 forks source link

Unchecked low level `call()`s #37

Closed code423n4 closed 2 years ago

code423n4 commented 2 years ago

Lines of code

https://github.com/code-423n4/2022-04-dualityfocus/blob/f21ef7708c9335ee1996142e2581cb8714a525c9/contracts/compound_rari_fork/CToken.sol#L474 https://github.com/code-423n4/2022-04-dualityfocus/blob/f21ef7708c9335ee1996142e2581cb8714a525c9/contracts/compound_rari_fork/CToken.sol#L1624-L1627

Vulnerability details

Impact

The code does not check the return value so if the call fails, checkpoints will not have been written if the model requires them, leading to the incorrect pricing of assets

Proof of Concept

  1. File: contracts/compound_rari_fork/CToken.sol (line 474)

        address(interestRateModel).call(abi.encodeWithSignature("checkpointInterest(uint256)", borrowRateMantissa));

  2. File: contracts/compound_rari_fork/CToken.sol (lines 1624-1627)

            address(oldInterestRateModel).call(abi.encodeWithSignature("resetInterestCheckpoints()"));

    // Attempt to add first interest checkpoint on new IRM
    address(newInterestRateModel).call(abi.encodeWithSignature("checkpointInterest()"));

Tools Used

Code inspection

Recommended Mitigation Steps

Check the return code of the call and bubble up any reverts if the model implements the given functions

0xdramaone commented 2 years ago

checkpoint function call is a no-op, doesn't exist on our interest rate models

jack-the-pug commented 2 years ago

Not a valid issue as it seems like intended behavior.