Missing contract-existence checks before low-level calls

[hats-bug-reporter[bot]]

Github username: @saidqayoumsadat Twitter username: saqsadat143 Submission hash (on-chain): 0x8966dd7575376720ff3b24ae6bd9a3c0f86ad7680969532b01ed44d022068a3a Severity: low

Description: Description\ Low-level calls return success if there is no code present at the specified address. In addition to the zero-address checks, add a check to verify that <address>.code.length > 0

1. Proof of Concept (PoC) File

763        uint256 purchasedTokens = ICatalystV1Vault(targetVault).underwriteAsset(

https://github.com/catalystdao/catalyst/blob/27b4d0a2bca177aff00def8cd745623bfbf7cb6b/evm/src/CatalystChainInterface.sol#L763C1-L763C81

file: /src/CatalystChainInterface.sol

814             ICatalystReceiver(dataTarget).onCatalystCall(purchasedTokens, customCalldata);

https://github.com/catalystdao/catalyst/blob/27b4d0a2bca177aff00def8cd745623bfbf7cb6b/evm/src/CatalystChainInterface.sol#L814C1-L814C91

file: m/src/IntegralsVolatile.sol

28        return W * uint256(FixedPointMathLib.lnWad(int256(FixedPointMathLib.divWadDown(A + input, A))));    // int256 casting is safe. If overflows, it returns negative. lnWad fails on negative numbers. If the vault balance is high, this is unlikely.

https://github.com/catalystdao/catalyst/blob/27b4d0a2bca177aff00def8cd745623bfbf7cb6b/evm/src/IntegralsVolatile.sol#L28C1-L28C251

[reednaa]

Sorrry, I don't understand this issue.