Closed sherlock-admin2 closed 8 months ago
2 comment(s) were left on this issue during the judging contest.
tsvetanovv commented:
Invalid. The returned value is checked
takarez commented:
invalid because {invalid: the return value was checked "if (!success)"}
Anubis
medium
Unchecked Return Value for ETH Transfers in receiveETH
Summary
The return value of the ETH transfer in receiveETH is not checked, which might lead to unnoticed failures.
Vulnerability Detail
In the function receiveETH, ETH is sent to an address using call. Although the success of the call is stored in a variable (success), it's not checked or acted upon. This means the function will not revert or otherwise react if the ETH transfer fails.
Impact
The failure of the ETH transfer is silent, which can lead to discrepancies in the contract's state or accounting, as the contract might assume the transfer was successful when it was not.
Code Snippet
https://github.com/sherlock-audit/2023-12-avail/blob/main/contracts/src/AvailBridge.sol#L259
Tool used
Manual Review
Recommendation
Always check the return value of the low-level call and revert the transaction if the call was not successful to ensure that the contract state remains consistent.