Non-existing recipient will return true on call #23
Labels
bug: Something isn't working
disagree with severity: Sponsor confirms validity, but disagrees with warden's risk assessment (sponsor explains in comments)
duplicate: This issue or pull request already exists
QA (Quality Assurance): Assets are not at risk. State handling, function incorrect as to spec, issues with clarity, syntax
sponsor acknowledged: Technically the issue is correct, but we're not going to resolve it for XYZ reasons
Lines of code
https://github.com/code-423n4/2022-05-aura/blob/085f573756b132b2a5992c5aa5d7b907cd11c289//convex-platform/contracts/contracts/BoosterOwner.sol#L187
https://github.com/code-423n4/2022-05-aura/blob/085f573756b132b2a5992c5aa5d7b907cd11c289//convex-platform/contracts/contracts/StashFactoryV2.sol#L89
https://github.com/code-423n4/2022-05-aura/blob/085f573756b132b2a5992c5aa5d7b907cd11c289//convex-platform/contracts/contracts/StashFactoryV2.sol#L95
https://github.com/code-423n4/2022-05-aura/blob/085f573756b132b2a5992c5aa5d7b907cd11c289//convex-platform/contracts/contracts/StashFactoryV2.sol#L101
https://github.com/code-423n4/2022-05-aura/blob/085f573756b132b2a5992c5aa5d7b907cd11c289//convex-platform/contracts/contracts/VoterProxy.sol#L352
Vulnerability details
Impact
Consider checking the recipient address for existence before making the call.
If the address does not exist (no code is deployed there), the low-level call still returns true, and the user will not receive the tokens in their wallet.
Proof of Concept
The Solidity documentation warns that the low-level functions call, delegatecall and staticcall return true as their first return value when the called account is non-existent, so existence must be checked before calling if needed:
https://docs.soliditylang.org/en/develop/control-structures.html#:~:text=Warning-,The%20low%2Dlevel%20functions,-call%2C%20delegatecall
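The behaviour described above, as an added example (not code from the Aura or Convex repositories; contract and function names are hypothetical): the first executor trusts the `success` flag alone, so a target with no code passes the `require`; the second checks for deployed code before forwarding the call.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

/// Added example, not project code. Demonstrates why `success` from a
/// low-level call does not prove that the target address exists.
contract UncheckedExecutor {
    /// Vulnerable pattern: forwards `data` to `target` and trusts `success`.
    /// If `target` has no code (an EOA, a typo, or a contract that was never
    /// deployed), the EVM treats the call as a plain transfer of zero value:
    /// `success` is true, no code runs, and `result` is empty.
    function execute(address target, bytes calldata data)
        external
        returns (bytes memory result)
    {
        bool success;
        (success, result) = target.call(data);
        require(success, "call failed"); // passes for a non-existent target
    }
}

/// Hardened pattern: refuse to forward a call to an address with no code.
contract CheckedExecutor {
    error NoCodeAtTarget(address target);
    error CallFailed(bytes reason);

    function execute(address target, bytes calldata data)
        external
        returns (bytes memory result)
    {
        // `address.code.length` compiles to EXTCODESIZE; zero means no
        // contract is deployed at `target`, so any "transfer" encoded in
        // `data` would silently do nothing.
        if (target.code.length == 0) revert NoCodeAtTarget(target);

        bool success;
        (success, result) = target.call(data);
        if (!success) revert CallFailed(result);
    }
}
```

For ERC20-style calls, additionally requiring `result.length == 32` before decoding the returned bool gives a second, independent check that real token code ran.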
Tools Used
Recommended Mitigation Steps