Low level calls (call, delegatecall and staticcall) return success if the called contract doesn’t exist (not deployed or destructed)
As written in the [solidity documentation](https://docs.soliditylang.org/en/develop/control-structures.html#error-handling-assert-
The low-level functions call, delegatecall and staticcall return true as their first return value if the account called is non-existent, as part of the design of the EVM. Account existence must be checked prior to calling if needed.
telome
commented
3 months ago
NoOne
Medium
Call to non-existing contracts returns success
Summary
Vulnerability Detail
Low level calls (
call,delegatecallandstaticcall) return success if the called contract doesn’t exist (not deployed or destructed) As written in the [solidity documentation](https://docs.soliditylang.org/en/develop/control-structures.html#error-handling-assert- The low-level functionscall,delegatecallandstaticcallreturn true as their first return value if the account called is non-existent, as part of the design of the EVM. Account existence must be checked prior to calling if needed.Code Snippet
https://github.com/sherlock-audit/2024-06-makerdao-endgame/blob/main/lockstake/src/Multicall.sol#L12
https://github.com/sherlock-audit/2024-06-makerdao-endgame/blob/main/endgame-toolkit/src/SubProxy.sol#L76
Tool used
Manual Review
Recommendation
Check for contract existence on low-level calls, so that failures are not missed.