Closed github-actions[bot] closed 1 year ago
Qeew
unlabeled
Low-level transfers made using the call() function can fail silently
https://github.com/sherlock-audit/2023-01-uxd/blob/main/contracts/governance/UXDTimelockController.sol#L40-L44
As stated in the Solidity documentation, check here, https://docs.soliditylang.org/en/develop/control-structures.html#error-handling-assert-require-revert-and-exceptions. The call, delegatecall and staticcall functions can return true even when the account being called does not exist. This is a feature of the EVM.
To avoid silent failures, it is important to check for the existence of the account before making a transfer.
Manual Review
Verify the existence of the account before making a transfer
Qeew
unlabeled
Low-level transfers made using the call() function can fail silently
Summary
Vulnerability Detail
Low-level transfers made using the call() function can fail silently
https://github.com/sherlock-audit/2023-01-uxd/blob/main/contracts/governance/UXDTimelockController.sol#L40-L44
Impact
As stated in the Solidity documentation, check here, https://docs.soliditylang.org/en/develop/control-structures.html#error-handling-assert-require-revert-and-exceptions. The call, delegatecall and staticcall functions can return true even when the account being called does not exist. This is a feature of the EVM.
To avoid silent failures, it is important to check for the existence of the account before making a transfer.
Code Snippet
https://github.com/sherlock-audit/2023-01-uxd/blob/main/contracts/governance/UXDTimelockController.sol#L40-L44
Tool used
Manual Review
Recommendation
Verify the existence of the account before making a transfer