Use of delegatecall in a payable function inside a loop

[c4-bot-4]

Lines of code

https://github.com/code-423n4/2024-04-panoptic/blob/833312ebd600665b577fbd9c03ffa0daf250ed24/contracts/multicall/Multicall.sol#L12

Vulnerability details

Impact

The Multicall contract uses the delegatecall proxy pattern (which takes user-provided call data) in a payable function within a loop. This means that each delegatecall within the for loop will retain the msg.value of the transaction

see : https://solodit.xyz/issues/use-of-delegatecall-in-a-payable-function-inside-a-loop-trailofbits-yield-v2-pdf

Tools Used

Manual Review

Recommended Mitigation Steps

• Short term, document the risks associated with the use of msg.value and ensure that all developers are aware of this potential attack vector.
• Long term, detail the security implications of all functions in both the documentation and the code to ensure that potential attack vectors do not become exploitable when code is refactored or added.

Assessed type

call/delegatecall

[c4-judge]

Picodes marked the issue as unsatisfactory: Invalid