There is no limit specified on the amount of gas used, so the recipient can use up all of the transaction's gas, causing it to revert. Use addr.call{gas: <amount>}("") or this library instead.
Vulnerability Detail
There is no limit specified on the amount of gas used, so the recipient can use up all of the transaction's gas, causing it to revert. Use addr.call{gas: <amount>}("") or this library instead.
Impact
Gas grief possible on unsafe external calls
Code Snippet
📁 File: allo-v2/contracts/core/Anchor.sol
/// @audit line 78
70: function execute(address _target, uint256 _value, bytes memory _data) external returns (bytes memory) {
71: // Check if the caller is the owner of the profile and revert if not
72: if (!registry.isOwnerOfProfile(profileId, msg.sender)) revert UNAUTHORIZED();
73:
74: // Check if the target address is the zero address and revert if it is
75: if (_target == address(0)) revert CALL_FAILED();
76:
77: // Call the target address and return the data
78: (bool success, bytes memory data) = _target.call{value: _value}(_data);
79:
80: // Check if the call was successful and revert if not
81: if (!success) revert CALL_FAILED();
82:
83: return data;
84: }
radevauditor
false
Gas grief possible on unsafe external calls
There is no limit specified on the amount of gas used, so the recipient can use up all of the transaction's gas, causing it to revert. Use
addr.call{gas: <amount>}("")
or this library instead.Vulnerability Detail
There is no limit specified on the amount of gas used, so the recipient can use up all of the transaction's gas, causing it to revert. Use
addr.call{gas: <amount>}("")
or this library instead.Impact
Gas grief possible on unsafe external calls
Code Snippet
70
https://github.com/sherlock-audit/2023-09-Gitcoin/blob/main/allo-v2/contracts/core/Anchor.sol#L70
Tool used
Manual Review