hats-finance / Proof-Of-Humanity-V2-0xef0709445d394a22704850c772a28a863bb780b0

Proof of Humanity Protocol v2

Call to non-existing contract #32

Open hats-bug-reporter[bot] opened 2 months ago

hats-bug-reporter[bot] commented 2 months ago

Github username: @Jelev123
Twitter username: zhulien_zhelev
Submission hash (on-chain): 0xab2831abdd9fb707297d951d59feaa0f9a5bf12bffcbe32a1ec0ad328b5f5e33
Severity: low

Description: Low-level calls (`call`, `delegatecall` and `staticcall`) return success if the called contract doesn't exist (not deployed or self-destructed). As written in the [Solidity documentation](https://docs.soliditylang.org/en/develop/control-structures.html#error-handling-assert-):

> The low-level functions call, delegatecall and staticcall return true as their first return value if the account called is non-existent, as part of the design of the EVM. Account existence must be checked prior to calling if needed.

Proof of Concept (PoC) File

https://github.com/hats-finance/Proof-Of-Humanity-V2-0xef0709445d394a22704850c772a28a863bb780b0/blob/1632b61bf2c3104916b9c501a0af65d0502dfc4c/contracts/bridge-gateways/AMBBridgeGateway.sol#L90

Recommendation

Check for contract existence on low-level calls, so that failures are not missed.
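The behaviour the report describes, as an added example that is not code from the Proof of Humanity repository: a hypothetical forwarder contract (`UncheckedForwarder`, `CheckedForwarder`, `target` and `receiveMessage` are all invented names) sends an encoded message to a fixed target with a low-level `call`. The first version trusts the `success` flag, so a codeless target makes the message vanish without a revert; the second refuses a codeless target at deployment and again at call time via `address.code.length` (EXTCODESIZE).

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added example, not Proof of Humanity code. All names are hypothetical.

/// Vulnerable pattern: `success` is trusted as-is. If `target` holds no code
/// (never deployed, mistyped address, or destroyed), the EVM returns
/// success == true with empty returndata, so the require below never fires
/// and the message is silently lost.
contract UncheckedForwarder {
    address public immutable target;

    event Forwarded(bytes data);

    constructor(address _target) {
        target = _target;
    }

    function forward(bytes calldata data) external {
        (bool success, ) = target.call(
            abi.encodeWithSignature("receiveMessage(bytes)", data)
        );
        require(success, "forward failed"); // does not fire for a codeless target
        emit Forwarded(data);
    }
}

/// Hardened pattern: check that the target has code before relying on the
/// result of a low-level call. `address.code.length` compiles to EXTCODESIZE
/// and is available from Solidity 0.8.0.
contract CheckedForwarder {
    address public immutable target;

    event Forwarded(bytes data);

    error TargetHasNoCode(address target);
    error ForwardFailed(bytes returndata);

    constructor(address _target) {
        // Deployment-time check: rejects a mistyped or not-yet-deployed address.
        // Caveat: a contract that is itself still executing its constructor
        // also has code.length == 0 here, so it would be rejected too.
        if (_target.code.length == 0) revert TargetHasNoCode(_target);
        target = _target;
    }

    function forward(bytes calldata data) external {
        // Call-time check: guards against the target's code disappearing after
        // deployment. On chains that apply EIP-6780 (Cancun) SELFDESTRUCT can
        // only remove code in the transaction that created the contract, so
        // there the constructor check alone is what matters.
        if (target.code.length == 0) revert TargetHasNoCode(target);
        (bool success, bytes memory ret) = target.call(
            abi.encodeWithSignature("receiveMessage(bytes)", data)
        );
        if (!success) revert ForwardFailed(ret);
        emit Forwarded(data);
    }
}
```

Two points a practitioner would want alongside this: checking `ret.length` is not a substitute for the code check when the target function returns nothing, because a legitimate call and a call into an empty account both produce empty returndata; and a high-level call through an interface (`IReceiver(target).receiveMessage(data)`) makes the compiler emit the EXTCODESIZE check for you (since 0.8.10 it is skipped only when the function has return values, because ABI decoding would then fail anyway), which is the simplest fix when a low-level `call` is not actually needed.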

clesaege commented 2 months ago

homeProxy is immutable and set in the constructor. It refers to a well-defined contract, so it exists.

As per the competition rules, the following are excluded: Issues which can arise at deployment time but which didn't arise in the provided deployments (assume the contracts will always be deployed the way they were; this means that some are deployed using an upgradability proxy). In particular, the upgradable contracts use an initializer called during the deployment.