Handle
0xRajeev
Vulnerability details
Impact
Low-level call returns success even if the contract is non-existent. This requires a contract existence check before making the low-level call.
Proof of Concept
https://github.com/code-423n4/2021-08-yield/blob/4dc46470e616dd0cbd9db9b4742e36c4d809e02c/contracts/utils/TimeLock.sol#L93
See: “The low-level functions call, delegatecall and staticcall return true as their first return value if the account called is non-existent, as part of the design of the EVM. Account existence must be checked prior to calling if needed.” from https://docs.soliditylang.org/en/v0.8.7/control-structures.html#error-handling-assert-require-revert-and-exceptions
Tools Used
Manual Analysis
Recommended Mitigation Steps
Check for target contract existence before call.
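The recommended check, as an added example that is not part of the original report or the project's code: a hypothetical `CallExistenceDemo` contract showing the unchecked low-level call beside a version that verifies the target has code before calling it. The contract, function, event and error-string names are assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.7;

/// Added illustration (hypothetical contract, not the project's TimeLock.sol).
contract CallExistenceDemo {
    address public immutable executor;

    event Executed(address indexed target, bytes data, bytes result);

    constructor() {
        executor = msg.sender;
    }

    modifier onlyExecutor() {
        require(msg.sender == executor, "Not executor");
        _;
    }

    /// Unchecked form. If `target` has no code (an externally owned account,
    /// a contract that was never deployed, or one that has been destroyed),
    /// `call` still returns success == true with empty return data, so the
    /// operation is logged as executed although no code ran.
    function executeUnchecked(address target, bytes calldata data)
        external
        onlyExecutor
        returns (bytes memory result)
    {
        bool success;
        (success, result) = target.call(data);
        require(success, "Call failed");
        emit Executed(target, data, result);
    }

    /// Checked form. The code-size test runs immediately before the call,
    /// so a target without code reverts instead of silently "succeeding".
    function executeChecked(address target, bytes calldata data)
        external
        onlyExecutor
        returns (bytes memory result)
    {
        require(target.code.length > 0, "Target is not a contract");
        bool success;
        (success, result) = target.call(data);
        require(success, "Call failed");
        emit Executed(target, data, result);
    }
}
```

`target.code.length` is also zero while the target's constructor is still running, so the check rejects calls to a contract that is mid-deployment.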
0xRajeev issue #55
8d72db2
Mmm, we do this in several other places in the codebase, as well as others do in earlier implementations. Will fix.
Fix