search

hats-finance / Intuition-0x538dbadc50cc87b281cd655f1edbc6ebda02a66a

The smart contracts of the Intuition protocol v1.
https://intuition.systems
Other
0 stars 1 forks source link

`AtomWallet::execute` function is missing `payable` keyword #35

Open hats-bug-reporter[bot] opened 1 week ago

hats-bug-reporter[bot] commented 1 week ago

Github username: @maikelordaz Twitter username: maikelordaz Submission hash (on-chain): 0x4d0c9c61e1043cc911bb9f4320d7688977aa3468930532095e1d1b136e6e2c2f Severity: medium

Description: Description: AtomWallet::execute function is missing payable keyword, as you can see the function is as follows

    function execute(address dest, uint256 value, bytes calldata func) external onlyOwnerOrEntryPoint {
        _call(dest, value, func);
    }

And make an internal call to AtomWallet::_call function where there is a low level call seding some value

    function _call(address target, uint256 value, bytes memory data) internal {
@>      (bool success, bytes memory result) = target.call{value: value}(data);
        if (!success) {
            assembly {
                revert(add(result, 32), mload(result))
            }
        }
    }

If this value is 0 the execute function will always fail

Recommendation: Consider the next change in the code

-   function execute(address dest, uint256 value, bytes calldata func) external onlyOwnerOrEntryPoint {
+   function execute(address dest, uint256 value, bytes calldata func) external payable onlyOwnerOrEntryPoint {
+       require(value <= msg.vaue; "Not enough value send");

        _call(dest, value, func);
    }
mihailo-maksa commented 4 days ago

Duplicate of issue #2.