code-423n4 / 2022-09-party-findings

2 stars 0 forks source link

Unchecked return value of eth transfer #310

Closed code423n4 closed 1 year ago

code423n4 commented 1 year ago

Lines of code

https://github.com/PartyDAO/party-contracts-c4/blob/main/contracts/party/PartyGovernance.sol#L783-L796

Vulnerability details

Impact

PartyGovernance.targetAddress() makes a low-level call to send eth to a target address, however does not check if transaction is successful.

Proof of Concept

https://github.com/PartyDAO/party-contracts-c4/blob/main/contracts/party/PartyGovernance.sol#L783-L796

Tools Used

Manual review

Recommended Mitigation Steps

Add a require check for success

merklejerk commented 1 year ago

Duplicate of #233

HardlyDifficult commented 1 year ago

See dupe for context.

Merging with #308