Closed code423n4 closed 1 year ago
I believe this shows appropriate nuance, but because the loss is self-inflicted and funds are technically recoverable, I think this is QA Low
Known Issue. We don't think it is a real problem.
[dispute validity] It's an intended, well documented behavior that must be taken into account by the users. Lack of checks of spent Ether allows running more nuanced flows, e.g. recursive calls or getting Ether from 3rd party contracts.
CodeSandwich marked the issue as sponsor disputed
Because of the comment: https://github.com/code-423n4/2023-01-drips/blob/9fd776b50f4be23ca038b1d0426e63a69c7a511d/src/Caller.sol#L188-L189
I agree with the Sponsor
GalloDaSballo marked the issue as unsatisfactory: Invalid
Lines of code
https://github.com/code-423n4/2023-01-drips/blob/9fd776b50f4be23ca038b1d0426e63a69c7a511d/src/Caller.sol#L198
Vulnerability details
For each call in
callBatched
, we pass a value to be sent along with the call:The sum of the values of the calls should be equal to
msg.value
. Ifmsg.value
is insufficient, the batch will revert. Ifmsg.value
is greater than the sum of the values of the calls, then excess ETH will be left in the contract, which anyone can take by usingcallBatched
with a call which sends the ETH to their address withmsg.value == 0
.