Closed sherlock-admin3 closed 1 month ago
4b
Medium
SubProxy::exec() does not handle return data

Summary
There is a missing check on the `out` return data in the `exec` function.

Root Cause
In `SubProxy::exec()` there is no check that handles the data parameter after the delegatecall; it is only the bool param that is handled.

Internal pre-conditions
No response

External pre-conditions
No response

Attack Path
No response

Impact
No handling of the data param can lead to complications in the code execution.

PoC
```solidity
function exec(address target, bytes calldata args) external payable auth returns (bytes memory out) {
    bool ok;
    (ok, out) = target.delegatecall(args);
    require(ok, "SubProxy/delegatecall-error");
}
```

Mitigation
Implement handling on the return data parameter after the delegate call.

No impact is demonstrated. Not an issue.