When used in a complex smart contracts code where other functions depend on whether the withdrawal was successful or not, there is not information about this - neither revert nor boolean returned. Although there is a event that contains information about whether the withdrawal was successful, other smart contracts cannot catch this event.
Lines of code
https://github.com/code-423n4/2022-08-nounsdao/blob/main/contracts/governance/NounsDAOLogicV2.sol#L789
Vulnerability details
Impact
When used in a complex smart contracts code where other functions depend on whether the withdrawal was successful or not, there is not information about this - neither revert nor boolean returned. Although there is a event that contains information about whether the withdrawal was successful, other smart contracts cannot catch this event.
Proof of Concept
https://github.com/code-423n4/2022-08-nounsdao/blob/main/contracts/governance/NounsDAOLogicV2.sol#L789
Tools Used
VSCode Slither
Recommended Mitigation Steps
Check wether the withdrawal was successful and revert or
return false
otherwise.