sherlock-audit / 2024-06-makerdao-endgame-judging


4b - `SubProxy::exec()` does not handle return data #92

Closed sherlock-admin3 closed 1 month ago

sherlock-admin3 commented 1 month ago

4b

Medium

SubProxy::exec() does not handle return data

Summary

There is a missing check on the out return data in the exec function.

Root Cause

In SubProxy::exec() there is no check that handles the data parameter after the delegatecall; only the bool param is handled.

Internal pre-conditions

No response

External pre-conditions

No response

Attack Path

No response

Impact

No handling of the data param can lead to complications in the code execution.

PoC

    function exec(address target, bytes calldata args) external payable auth returns (bytes memory out) {
        bool ok;
        (ok, out) = target.delegatecall(args);
        require(ok, "SubProxy/delegatecall-error");
    }

Mitigation

Implement handling of the return data parameter after the delegate call.
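An added example, not part of the report and not the project's code: it shows what `out` holds on each branch of the quoted `exec()` and, as one assumed reading of "handling the return data", a variant that forwards the callee's revert data. `Spell`, `ExecDemo`, `execBubble` and the compiler version are hypothetical, and the `auth` modifier is left out so the sketch compiles on its own.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Hypothetical delegatecall target, constructed for this example.
contract Spell {
    error Denied(uint256 code);

    function succeed() external pure returns (uint256) { return 42; }
    function fail() external pure { revert Denied(7); }
}

// Constructed stand-in for the proxy; access control (`auth`) is omitted.
contract ExecDemo {
    // Same body as the exec() quoted in the report.
    function exec(address target, bytes calldata args)
        external payable returns (bytes memory out)
    {
        bool ok;
        (ok, out) = target.delegatecall(args);
        // ok == true : `out` is the callee's ABI-encoded return value and is
        //              handed back to the caller through the named return.
        // ok == false: `out` is the callee's revert data (here Denied(7));
        //              it is dropped and the fixed string below is used.
        require(ok, "SubProxy/delegatecall-error");
    }

    // Assumed variant: bubble up the callee's revert data when there is any.
    function execBubble(address target, bytes calldata args)
        external payable returns (bytes memory out)
    {
        bool ok;
        (ok, out) = target.delegatecall(args);
        if (!ok) {
            // Nothing to forward: keep the original fixed error string.
            if (out.length == 0) revert("SubProxy/delegatecall-error");
            assembly ("memory-safe") {
                // `out` points at the length word; the payload starts 32 bytes in.
                revert(add(out, 0x20), mload(out))
            }
        }
    }
}
```

Calling `exec` with the selector of `Spell.fail()` reverts with `Error("SubProxy/delegatecall-error")`, while `execBubble` reverts with `Denied(7)`; with `Spell.succeed()` both return the encoding of 42.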

telome commented 1 month ago

No impact is demonstrated. Not an issue.