Detailed description of the impact of this finding.
This call is executed following another call within the same transaction. It is possible that the call never gets executed if a prior call fails permanently. This might be caused intentionally by a malicious callee.
Proof of Concept
Provide direct links to all referenced code in GitHub. Add screenshots, logs, or any other relevant proof that illustrates the concept.
// https://github.com/code-423n4/2023-08-dopex/blob/eb4d4a201b3a75dd4bddc74a34e9c42c71d0d12f/contracts/decaying-bonds/RdpxDecayingBonds.sol#L70-L72
function pause() external onlyRole(DEFAULT_ADMIN_ROLE) {
    _pause();
}

// https://github.com/code-423n4/2023-08-dopex/blob/eb4d4a201b3a75dd4bddc74a34e9c42c71d0d12f/contracts/decaying-bonds/RdpxDecayingBonds.sol#L89-L107
function emergencyWithdraw(
    address[] calldata tokens,
    bool transferNative,
    address payable to,
    uint256 amount,
    uint256 gas
) external onlyRole(DEFAULT_ADMIN_ROLE) {
    _whenPaused();
    if (transferNative) {
        (bool success, ) = to.call{ value: amount, gas: gas }("");
        require(success, "RdpxReserve: transfer failed");
    }
    IERC20WithBurn token;
    for (uint256 i = 0; i < tokens.length; i++) {
        token = IERC20WithBurn(tokens[i]);
        token.safeTransfer(msg.sender, token.balanceOf(address(this)));
    }
}
1. Paste the function above at the end of the tests/rdpxV2-core/RdpxDecayingBondsTest.t.sol contract.
2. In the terminal, run: forge test -vvvv --match-path "tests/RdpxDecayingBondsTest.t.sol" --match-test "testFailDecayingBonds"
3. Hopefully you get a DoS with a successful callback and recompile.
If possible, refactor the code such that each transaction only executes one external call or make sure that all callees can be trusted (i.e. they're part of your own codebase).
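One way to apply the recommendation above, as an added example that is not part of the original report or the Dopex code base: the native transfer and each token transfer get their own admin transaction, so a failing recipient cannot block the token withdrawals. The contract name, function names and revert string are hypothetical, and the import paths assume OpenZeppelin Contracts 4.x.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;

// Assumption: OpenZeppelin Contracts 4.x import paths.
import {AccessControl} from "@openzeppelin/contracts/access/AccessControl.sol";
import {Pausable} from "@openzeppelin/contracts/security/Pausable.sol";
import {IERC20} from "@openzeppelin/contracts/token/ERC20/IERC20.sol";
import {SafeERC20} from "@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol";

// Hypothetical contract used only to illustrate the refactor.
contract SplitEmergencyWithdraw is AccessControl, Pausable {
    using SafeERC20 for IERC20;

    constructor() {
        _grantRole(DEFAULT_ADMIN_ROLE, msg.sender);
    }

    receive() external payable {}

    function pause() external onlyRole(DEFAULT_ADMIN_ROLE) {
        _pause();
    }

    // Native transfer in its own transaction: a reverting or gas-starved
    // recipient fails only this call and leaves token withdrawals unaffected.
    function emergencyWithdrawNative(
        address payable to,
        uint256 amount,
        uint256 gas
    ) external onlyRole(DEFAULT_ADMIN_ROLE) whenPaused {
        (bool success, ) = to.call{ value: amount, gas: gas }("");
        require(success, "native transfer failed");
    }

    // One token per transaction: a token whose transfer reverts cannot
    // block the withdrawal of the other tokens held by the contract.
    function emergencyWithdrawToken(
        IERC20 token
    ) external onlyRole(DEFAULT_ADMIN_ROLE) whenPaused {
        token.safeTransfer(msg.sender, token.balanceOf(address(this)));
    }
}
```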
Lines of code
https://github.com/code-423n4/2023-08-dopex/blob/eb4d4a201b3a75dd4bddc74a34e9c42c71d0d12f/contracts/decaying-bonds/RdpxDecayingBonds.sol#L70-L72
https://github.com/code-423n4/2023-08-dopex/blob/eb4d4a201b3a75dd4bddc74a34e9c42c71d0d12f/contracts/decaying-bonds/RdpxDecayingBonds.sol#L89-L107
Tools Used
MythX, VS Code, Foundry.
Assessed type
DoS