code-423n4 / 2022-08-nounsdao-findings


Not checking for return value of low-level call with value on NounsDAOLogicV2._withdraw #338

Closed code423n4 closed 2 years ago

code423n4 commented 2 years ago

Lines of code

https://github.com/code-423n4/2022-08-nounsdao/blob/main/contracts/governance/NounsDAOLogicV2.sol#L789

Vulnerability details

Impact

When used in complex smart contract code where other functions depend on whether the withdrawal was successful or not, there is no information about this: neither a revert nor a returned boolean. Although there is an event that contains information about whether the withdrawal was successful, other smart contracts cannot catch this event.

Proof of Concept

https://github.com/code-423n4/2022-08-nounsdao/blob/main/contracts/governance/NounsDAOLogicV2.sol#L789

Tools Used

VSCode, Slither

Recommended Mitigation Steps

Check whether the withdrawal was successful and revert or return false otherwise.
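The pattern this report describes and its two recommended mitigations, side by side. This is an added example, not part of the original report and not the NounsDAOLogicV2 source; `WithdrawExample`, `AdminCaller`, `WithdrawFailed` and every function name are hypothetical.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.6;

// Hypothetical contract for illustration only; not the audited code.
contract WithdrawExample {
    address public admin = msg.sender;
    event Withdraw(uint256 amount, bool sent);
    error AdminOnly();
    error WithdrawFailed();

    receive() external payable {}

    // As reported: the outcome is visible only in the event, which
    // another contract cannot read during the transaction.
    function withdrawEventOnly() external {
        if (msg.sender != admin) revert AdminOnly();
        uint256 amount = address(this).balance;
        (bool sent, ) = msg.sender.call{ value: amount }('');
        emit Withdraw(amount, sent);
    }

    // Mitigation 1: hand the result back so the caller can branch on it.
    function withdrawReturning() external returns (uint256 amount, bool sent) {
        if (msg.sender != admin) revert AdminOnly();
        amount = address(this).balance;
        (sent, ) = msg.sender.call{ value: amount }('');
        emit Withdraw(amount, sent);
    }

    // Mitigation 2: revert, so a failed transfer undoes the whole call.
    function withdrawOrRevert() external {
        if (msg.sender != admin) revert AdminOnly();
        uint256 amount = address(this).balance;
        (bool sent, ) = msg.sender.call{ value: amount }('');
        if (!sent) revert WithdrawFailed();
        emit Withdraw(amount, true);
    }
}

// Hypothetical admin with no receive/fallback: every transfer to it fails.
contract AdminCaller {
    WithdrawExample public treasury;
    constructor() { treasury = new WithdrawExample(); }

    function sweep() external returns (bool ok) {
        treasury.withdrawEventOnly();          // failure is invisible here
        (, ok) = treasury.withdrawReturning(); // ok == false, can be handled
    }
}
```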

davidbrai commented 2 years ago

Thank you for the suggestion. This should be a low / QA level issue.