Closed sherlock-admin closed 1 year ago
vagrant
medium
WalletImpl#execCalls() does a low level call to addresses provided by the caller without a prior check for account existence
Low-level call returns true as its first value if the account called is non-existent
Calls that call a non-existent address do not revert and return true even though they are not successful
https://github.com/sherlock-audit/2023-04-splits/blob/main/splits-utils/src/WalletImpl.sol#L43-L65
function execCalls(Call[] calldata calls_) external payable onlyOwner returns (uint256 blockNumber, bytes[] memory returnData) { blockNumber = block.number; uint256 length = calls_.length; returnData = new bytes[](length); bool success; for (uint256 i; i < length;) { Call calldata calli = calls_[i]; (success, returnData[i]) = calli.to.call{value: calli.value}(calli.data); require(success, string(returnData[i])); unchecked { ++i; } } emit ExecCalls(calls_); } }
Manual Review
Check before any low-level call that the address actually exists
vagrant
medium
vagrant - Missing account existence check for call in WalletImpl.sol
vagrant
medium
Summary
WalletImpl#execCalls() does a low level call to addresses provided by the caller without a prior check for account existence
Vulnerability Detail
Low-level call returns true as its first value if the account called is non-existent
Impact
Calls that call a non-existent address do not revert and return true even though they are not successful
Code Snippet
https://github.com/sherlock-audit/2023-04-splits/blob/main/splits-utils/src/WalletImpl.sol#L43-L65
Tool used
Manual Review
Recommendation
Check before any low-level call that the address actually exists