The return value of .call() is recorded but never acctually checked in the execute( ) function in UTBExecutor.sol does not accutally check, Line 70 #152
Labels
3 (High Risk)
Assets can be stolen/lost/compromised directly
bug
Something isn't working
duplicate-641
edited-by-warden
insufficient quality report
This report is not of sufficient quality
unsatisfactory
does not satisfy C4 submission criteria; not eligible for awards
Comments
|
raymondfam marked the issue as insufficient quality report |
|
raymondfam marked the issue as duplicate of #70 |
|
Extremely insufficient proof to elicit what #70 does. |
|
alex-ppg marked the issue as not a duplicate |
|
alex-ppg marked the issue as duplicate of #641 |
|
alex-ppg marked the issue as unsatisfactory: |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Lines of code
https://github.com/code-423n4/2024-01-decent/blob/07ef78215e3d246d47a410651906287c6acec3ef/src/UTBExecutor.sol#L70
Vulnerability details
Impact
The return value of .call() is recorded but never acctually checked in the execute( ) function in UTBExecutor.sol does not accutally check, Line 70
Although the function record the return value (the variable 'success' at https://github.com/code-423n4/2024-01-decent/blob/07ef78215e3d246d47a410651906287c6acec3ef/src/UTBExecutor.sol#L70) ,it does not actually check whether it is False.
So this call can fail silently
Proof of Concept
https://github.com/code-423n4/2024-01-decent/blob/07ef78215e3d246d47a410651906287c6acec3ef/src/UTBExecutor.sol#L70
Tools Used
Manual Analysis
Recommended Mitigation Steps
Check the return value after the call at https://github.com/code-423n4/2024-01-decent/blob/07ef78215e3d246d47a410651906287c6acec3ef/src/UTBExecutor.sol#L70
Assessed type
call/delegatecall
The text was updated successfully, but these errors were encountered: