code-423n4 / 2023-08-goodentry-findings


[M-01] SWC-104 Unchecked Call Return Value #14

Closed code423n4 closed 1 year ago

code423n4 commented 1 year ago

Lines of code

https://github.com/code-423n4/2023-08-goodentry/blob/4b785d455fff04629d8675f21ef1d1632749b252/contracts/helper/V3Proxy.sol#L156
https://github.com/code-423n4/2023-08-goodentry/blob/4b785d455fff04629d8675f21ef1d1632749b252/contracts/helper/V3Proxy.sol#L174
https://github.com/code-423n4/2023-08-goodentry/blob/4b785d455fff04629d8675f21ef1d1632749b252/contracts/helper/V3Proxy.sol#L192

Vulnerability details

Impact

Detailed description of the impact of this finding. Unchecked Call Return Value. The return value of a message call is not checked. Execution will resume even if the called contract throws an exception. If the call fails accidentally or an attacker forces the call to fail, this may cause unexpected behaviour in the subsequent program logic.

Proof of Concept

Provide direct links to all referenced code in GitHub.

Vulnerable URLs

https://github.com/code-423n4/2023-08-goodentry/blob/4b785d455fff04629d8675f21ef1d1632749b252/contracts/helper/V3Proxy.sol#L156

https://github.com/code-423n4/2023-08-goodentry/blob/4b785d455fff04629d8675f21ef1d1632749b252/contracts/helper/V3Proxy.sol#L174

https://github.com/code-423n4/2023-08-goodentry/blob/4b785d455fff04629d8675f21ef1d1632749b252/contracts/helper/V3Proxy.sol#L192

Add screenshots, logs, or any other relevant proof that illustrates the concept.

Vulnerable Code

// Line 156: the (bool success, bytes memory data) return of call is discarded,
// so execution continues even if the ETH refund to msg.sender fails
        msg.sender.call{value: msg.value - amounts[0]}("");
// Line 174
        payable(msg.sender).call{value: amountOut}("");
// Line 192
        payable(msg.sender).call{value: amounts[1]}("");

Tools Used

VS Code Mythx

Recommended Mitigation Steps

Fixed Code

// Line 156: call returns (bool, bytes memory); capture the success flag and revert on failure
        (bool success, ) = msg.sender.call{value: msg.value - amounts[0]}("");
        require(success, "ETH refund failed");
// Line 174
        (bool success, ) = payable(msg.sender).call{value: amountOut}("");
        require(success, "ETH transfer failed");
// Line 192
        (bool success, ) = payable(msg.sender).call{value: amounts[1]}("");
        require(success, "ETH transfer failed");

Assessed type

call/delegatecall
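The failure mode described in the finding, as an added illustration that is not part of the original submission or of the GoodEntry code base: the contract names `RefundExample` and `RejectingCaller` are hypothetical, and the refund amount is a constructed stand-in for the `amounts[0]` / `amountOut` values in V3Proxy.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Hypothetical minimal refund helper (constructed example, not V3Proxy itself).
contract RefundExample {
    // Vulnerable pattern: the (bool, bytes) return of call is discarded.
    function refundUnchecked(uint256 amountSpent) external payable {
        uint256 leftover = msg.value - amountSpent;
        msg.sender.call{value: leftover}("");
        // Execution continues here even when the refund failed: the leftover
        // ETH is now stranded in this contract while the call looks settled.
    }

    // Hardened pattern: capture the success flag and revert on failure.
    function refundChecked(uint256 amountSpent) external payable {
        uint256 leftover = msg.value - amountSpent;
        (bool ok, ) = msg.sender.call{value: leftover}("");
        require(ok, "ETH refund failed");
    }
}

// A caller that cannot receive ETH, e.g. a contract whose receive() reverts.
// This is the realistic trigger: integrators are often contracts, not EOAs.
contract RejectingCaller {
    RefundExample immutable target;

    constructor(RefundExample t) { target = t; }

    receive() external payable { revert("no ETH accepted"); }

    // Succeeds silently; the returned balance shows the refund stuck in target.
    function tryUnchecked() external payable returns (uint256 strandedInTarget) {
        target.refundUnchecked{value: msg.value}(msg.value / 2);
        return address(target).balance;
    }

    // Reverts as a whole, so the caller keeps its ETH instead of losing it.
    function tryChecked() external payable {
        target.refundChecked{value: msg.value}(msg.value / 2);
    }
}
```

Deploying both contracts and sending ETH through `tryUnchecked` versus `tryChecked` shows the difference: the first completes with the refund trapped in `RefundExample`, the second reverts with "ETH refund failed".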

c4-pre-sort commented 1 year ago

141345 marked the issue as duplicate of #481

c4-pre-sort commented 1 year ago

141345 marked the issue as duplicate of #83

c4-judge commented 1 year ago

gzeon-c4 marked the issue as satisfactory