Lines of code
https://github.com/code-423n4/2023-06-lukso/contracts/LSP1UniversalReceiver/LSP1Utils.sol#L20-L28
https://github.com/code-423n4/2023-06-lukso/contracts/LSP1UniversalReceiver/LSP1Utils.sol#L30-L50
Vulnerability details
Impact
Ignoring return value in LSP1Utils.tryNotifyUniversalReceiver: The function tryNotifyUniversalReceiver attempts to notify a contract about a received asset or vault by calling its universalReceiver function. By ignoring the return value, the contract loses the ability to handle any potential errors or messages returned by the universalReceiver function.
Likewise in LSP1Utils.callUniversalReceiverWithCallerInfos: The function callUniversalReceiverWithCallerInfos calls the universalReceiver function of a specified contract and verifies the result using the Address.verifyCallResult function.
Proof of Concept
Tools Used
Manual analysis
Recommended Mitigation Steps
It is generally good practice to handle and respond appropriately to return values, especially in cases where the success or failure of a function call can have significant implications for the contract's behavior and security.
Assessed type
Error
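One way to capture the outcome of a universalReceiver notification instead of discarding it, as an added example that is not code from the report or from the LUKSO repository. The interface, the library name NotifyWithResult, the function notifyAndCapture and the event are hypothetical and only model the call described in the report.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.4;

// Assumption: minimal local interface modelled on the universalReceiver
// function named in the report; it is not imported from the audited code.
interface IUniversalReceiverLike {
    function universalReceiver(bytes32 typeId, bytes calldata data)
        external
        payable
        returns (bytes memory);
}

// Hypothetical helper library, for illustration only.
library NotifyWithResult {
    // Emitted in the context of the calling contract, so the outcome of
    // every notification is visible off-chain.
    event NotificationResult(
        address indexed receiver,
        bytes32 indexed typeId,
        bool success,
        bytes returnedData
    );

    // Calls universalReceiver on `receiver` and hands the outcome back to
    // the caller rather than dropping it.
    function notifyAndCapture(
        address receiver,
        bytes32 typeId,
        bytes memory data
    ) internal returns (bool success, bytes memory returnedData) {
        // try/catch does not catch the revert Solidity raises when the
        // target has no code, so that case is handled explicitly.
        if (receiver.code.length == 0) {
            return (false, "");
        }
        try IUniversalReceiverLike(receiver).universalReceiver(typeId, data)
            returns (bytes memory result)
        {
            success = true;
            returnedData = result; // message returned by the receiver
        } catch (bytes memory reason) {
            returnedData = reason; // raw revert data from the receiver
        }
        emit NotificationResult(receiver, typeId, success, returnedData);
    }
}
```

A caller can then decide per transfer type whether a failed notification should revert the whole operation or only be recorded. Malformed return data that fails ABI decoding still reverts in the caller and is not caught by the try/catch.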