Unchecked low-level call in _call function will cause unexpected behavior of the contract SymmioPartyA.sol
Summary
The _call function in the SymmioPartyA contract uses a low-level call to interact with the symmioAddress without verifying the success of the call. This can lead to unexpected behavior and potential security risks if the call fails or if symmioAddress is not a contract.
safdie
Medium
Root Cause
The root cause of this vulnerability is the use of a low-level call without proper checks to ensure the call’s success and to verify that symmioAddress is a valid contract address.
https://github.com/sherlock-audit/2024-09-symmio-v0-8-4-update-contest/blob/main/protocol-core/contracts/multiAccount/SymmioPartyA.sol#L47-L49
Internal pre-conditions
No response
External pre-conditions
No response
Attack Path
symmioAddress to a non-contract address.
_call is executed, the low-level call would fail silently.
Impact
PoC
Mitigation
To mitigate this vulnerability, ensure that the call is checked for success and that symmioAddress is a valid contract address before making the call.
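The two checks named in the mitigation, shown on a standalone forwarder next to the unchecked pattern the report describes. This is an added example, not code from SymmioPartyA.sol or the Symmio project; the contract, its owner check, the function names and the error names are all hypothetical.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.18;

// Illustrative forwarder (hypothetical), standing in for a contract that
// relays calldata to a fixed target such as symmioAddress.
contract CheckedForwarder {
    address public immutable owner;
    address public immutable target; // plays the role of symmioAddress

    error NotOwner();
    error TargetNotContract(address target);
    error CallFailed();

    modifier onlyOwner() {
        if (msg.sender != owner) revert NotOwner();
        _;
    }

    constructor(address target_) {
        // Reject a target with no deployed code at construction time.
        if (target_.code.length == 0) revert TargetNotContract(target_);
        owner = msg.sender;
        target = target_;
    }

    // Unchecked pattern: the (success, returndata) pair is discarded, so a
    // reverting target goes unnoticed by this contract and its caller.
    function forwardUnchecked(bytes calldata data) external onlyOwner {
        target.call(data); // compiler warning: return value not used
    }

    // Checked pattern: verify code exists, then require success.
    function forwardChecked(bytes calldata data) external onlyOwner returns (bytes memory ret) {
        // The EVM reports success for a call to an address with no code, so
        // the success flag alone cannot detect a non-contract target
        // (for example, after the target has self-destructed).
        if (target.code.length == 0) revert TargetNotContract(target);

        bool ok;
        (ok, ret) = target.call(data);
        if (!ok) {
            // Bubble up the target's revert data when present.
            if (ret.length == 0) revert CallFailed();
            assembly {
                revert(add(ret, 32), mload(ret))
            }
        }
    }
}
```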