Closed c4-submissions closed 10 months ago
https://github.com/delegatexyz/delegate-registry/blob/6d1254de793ccc40134f9bec0b7cb3d9c3632bc1/src/DelegateRegistry.sol#L155-L158
It is recommended that the return values of ether transfers be checked, however if transfer to the hardcoded address fails, it does not revert.
uint256 sc = uint256(uint160(0x0000000000000000000000000000000000000000)); assembly ("memory-safe") { let result := call(gas(), sc, selfbalance(), 0, 0, 0, 0) } }
The return value is unchecked, even though it is cached in the function.
Manual Review
Require that the result is true. Update the function with :
assembly ("memory-safe") { let result := call(gas(), sc, selfbalance(), 0, 0, 0, 0) } require(result, "Transfer FAILED"); }
ETH-Transfer
GalloDaSballo marked the issue as unsatisfactory: Overinflated severity
Function is self contained, sent as Med, Overly inflated
Lines of code
https://github.com/delegatexyz/delegate-registry/blob/6d1254de793ccc40134f9bec0b7cb3d9c3632bc1/src/DelegateRegistry.sol#L155-L158
Vulnerability details
Impact
It is recommended that the return values of ether transfers be checked, however if transfer to the hardcoded address fails, it does not revert.
Proof of Concept
The return value is unchecked, even though it is cached in the function.
Tools Used
Manual Review
Recommended Mitigation Steps
Require that the result is true. Update the function with :
Assessed type
ETH-Transfer