Closed sherlock-admin closed 1 year ago
hack3r-0m
high
faulty abi decoding from revert in catch block can lead to attacker controlled execution
(string memory reason, /* bool hasRevertMessage */) = ErrorUtils.getRevertMessage(reasonBytes);
attacker can return faulty abi encoded message from call such that it fails while decoding and hence allowing attacker to control when deposit is executed
due to this, attacker do risk-free deposit when market conditions are favourable
https://github.com/sherlock-audit/2023-02-gmx/blob/main/gmx-synthetics/contracts/exchange/DepositHandler.sol#L186
Manual Review
do not decode the reason
Duplicate of #119
hack3r-0m
high
faulty abi decoding from revert in catch block can lead to attacker controlled execution
Summary
faulty abi decoding from revert in catch block can lead to attacker controlled execution
Vulnerability Detail
attacker can return faulty abi encoded message from call such that it fails while decoding and hence allowing attacker to control when deposit is executed
Impact
due to this, attacker do risk-free deposit when market conditions are favourable
Code Snippet
https://github.com/sherlock-audit/2023-02-gmx/blob/main/gmx-synthetics/contracts/exchange/DepositHandler.sol#L186
Tool used
Manual Review
Recommendation
do not decode the reason
Duplicate of #119