search

sherlock-audit / 2023-09-Gitcoin-judging

11 stars 7 forks source link

radevauditor - Gas grief possible on unsafe external calls #987

Closed sherlock-admin2 closed 11 months ago

sherlock-admin2 commented 11 months ago

radevauditor

false

Gas grief possible on unsafe external calls

There is no limit specified on the amount of gas used, so the recipient can use up all of the transaction's gas, causing it to revert. Use addr.call{gas: <amount>}("") or this library instead.

Vulnerability Detail

There is no limit specified on the amount of gas used, so the recipient can use up all of the transaction's gas, causing it to revert. Use addr.call{gas: <amount>}("") or this library instead.

Impact

Gas grief possible on unsafe external calls

Code Snippet

📁 File: allo-v2/contracts/core/Anchor.sol

/// @audit line 78
70:     function execute(address _target, uint256 _value, bytes memory _data) external returns (bytes memory) { 
71:         // Check if the caller is the owner of the profile and revert if not
72:         if (!registry.isOwnerOfProfile(profileId, msg.sender)) revert UNAUTHORIZED();
73: 
74:         // Check if the target address is the zero address and revert if it is
75:         if (_target == address(0)) revert CALL_FAILED();
76: 
77:         // Call the target address and return the data
78:         (bool success, bytes memory data) = _target.call{value: _value}(_data);
79: 
80:         // Check if the call was successful and revert if not
81:         if (!success) revert CALL_FAILED();
82: 
83:         return data;
84:     }

70

https://github.com/sherlock-audit/2023-09-Gitcoin/blob/main/allo-v2/contracts/core/Anchor.sol#L70

Tool used

Manual Review

sherlock-admin commented 11 months ago

1 comment(s) were left on this issue during the judging contest.

n33k commented:

invalid, no impact