Missing check for contract existence #55

code423n4 · 2021-08-14T15:25:15Z

Handle

0xRajeev

Low-level call returns success even if the contract is non-existent. This requires a contract existence check before making the low-level call.

See: “The low-level functions call, delegatecall and staticcall return true as their first return value if the account called is non-existent, as part of the design of the EVM. Account existence must be checked prior to calling if needed.” from https://docs.soliditylang.org/en/v0.8.7/control-structures.html#error-handling-assert-require-revert-and-exceptions

Manual Analysis

Check for target contract existence before call.

alcueca · 2021-08-15T15:27:35Z

Mmm, we do this in several other places in the codebase, as well as others do in earlier implementations. Will fix.

alcueca · 2021-08-16T09:55:03Z

code423n4 added 1 (Low Risk) bug Something isn't working labels Aug 14, 2021

code423n4 added a commit that referenced this issue Aug 14, 2021

0xRajeev issue #55

8d72db2

alcueca added Timelock Router sponsor confirmed labels Aug 15, 2021

alcueca removed the Router label Aug 16, 2021