Closed sherlock-admin4 closed 7 months ago
1 comment(s) were left on this issue during the judging contest.
WangAudit commented:
interesting; but low; 1 & 3 impact are vague; 2 is not bad; but it would dos only this exact txn and after it; the swapper has the ability to not execute it ever again; so no major DOS to be considered as a valid issue
cheatcode
medium
Unsafe use of low-level calls in AmirX::defiSwap function
Summary
The use of
call
for sending Ether or interacting with untrusted contracts is a well-known security concern in Ethereum smart contract development. This method provides a lot of flexibility but also introduces significant risks, including reentrancy attacks and unexpected changes in contract state.Vulnerability Detail
In the
AmirX
contract, particularly within thedefiSwap
function the code looks like this:In this code:
wallet.call{value: 0}(defi.walletData)
is used to interact with an address stored inwallet
using data fromdefi.walletData
. This can execute arbitrary code.{value: 0}
part indicates that no Ether is being sent with the call, but the method itself can be used to send Ether by specifying a non-zero value.require(walletResult, "AmirX: wallet transaction failed");
checks if the call was successful.Impact
Risks Involved with
call
The
call
method can lead to reentrancy attacks if the called contract calls back into any function of theAmirX
contract, potentially leading to unexpected behaviors or vulnerabilities, especially if state changes occur after thecall
.By default,
call
forwards all available gas, potentially allowing a called contract to consume all gas provided to the function, affecting the execution of later operations.Since
call
is used to execute arbitrary bytecode, if the data indefi.walletData
is crafted maliciously or ifwallet
is a malicious contract, it can lead to unintended actions being performed.Code Snippet
https://github.com/sherlock-audit/2024-02-telcoin-platform-audit-update/blob/main/telcoin-contracts/contracts/swap/AmirX.sol#L103
Tool used
Manual Review
Recommendation
Avoid using
call
for Ether transfers. For sending Ether, prefer usingtransfer
orsend
as they limit the gas sent to 2300, preventing reentrancy attacks. For Solidity 0.6.x and above, usingcall
for Ether transfers is recommended but with proper reentrancy guards.