Llama - 0xcm's results

A governance system for onchain organizations.

General Information

Platform: Code4rena

Start Date: 06/06/2023

Pot Size: $60,500 USDC

Total HM: 5

Participants: 50

Period: 8 days

Judge: gzeon

Id: 246

League: ETH

Llama

Findings Distribution

Researcher Performance

Rank: 27/50

Findings: 1

Award: $54.53

🌟 Selected for report: 0

🚀 Solo Findings: 0

Findings Information

Awards

54.5276 USDC - $54.53

Labels

bug
2 (Med Risk)
downgraded by judge
satisfactory
duplicate-247

External Links

Lines of code

https://github.com/code-423n4/2023-06-llama/blob/aac904d31639c1b4b4e97f1c76b9c0f40b8e5cee/src/LlamaCore.sol#L317-L343

Vulnerability details

Title

Missing Ether Transfer to LlamaExecutor Contract in ExecuteAction Function

Description

The executeAction function in the Llama contract fails to transfer Ether to the LlamaExecutor contract when calling the execute function. It passes actionInfo.value to execute as a plain argument, but attaches no Ether to the call itself. This is a critical oversight, as it means that the LlamaExecutor contract does not receive the intended Ether amount during the function execution, even though the value parameter suggests otherwise.

Impact

The missing Ether transfer may cause LlamaExecutor's execute function to fail, particularly when the action is a call (not a script) and the LlamaExecutor contract does not hold enough Ether of its own to cover the value being forwarded. This could lead to transaction failures and disrupt the correct execution of the contracts, potentially impacting users' funds or operations.

Proof of Concept

The code can be found in the executeAction function of the Llama contract:

// Execute action.
(bool success, bytes memory result) =
  executor.execute(actionInfo.target, actionInfo.value, action.isScript, actionInfo.data);

In this function, executor.execute is being called with actionInfo.value, but no Ether is actually sent to the LlamaExecutor contract.

Tools Used

  • ChatGPT May 24 Version

Recommended Mitigation Steps

  • Modify the executeAction function to send Ether to the LlamaExecutor contract during the execute function call. This could be done by using the {value: actionInfo.value} syntax during the function call.
  • Ensure the execute function in the LlamaExecutor contract is marked as payable, enabling it to accept the transferred Ether.
  • Implement additional checks in the execute function to verify that the correct amount of Ether has been received.
  • Test the updated functions extensively to ensure they behave as expected and no new vulnerabilities have been introduced.
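As an added illustration that is not Llama's own code, the defect from the proof of concept and the mitigation steps above side by side in a condensed Solidity sketch. The contract names, the single-target execute signature and the `msg.value == value` check in the core are assumptions of this example.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;

// Illustrative executor modelled on the pattern in the finding; it is not
// Llama's LlamaExecutor. `payable` lets it accept Ether forwarded by the core.
contract Executor {
    address public immutable core;
    constructor(address core_) { core = core_; }

    function execute(address target, uint256 value, bytes calldata data)
        external payable returns (bool success, bytes memory result)
    {
        require(msg.sender == core, "only core");
        // Mitigation step 3: the Ether actually received must match what this
        // action spends, so a missing forward fails loudly here instead of
        // quietly drawing on the executor's own balance.
        require(msg.value == value, "executor: value not forwarded");
        (success, result) = target.call{value: value}(data);
    }
}

// Vulnerable shape: `value` is only an argument; no Ether moves to the executor.
contract CoreVulnerable {
    Executor public immutable executor;
    constructor() { executor = new Executor(address(this)); }

    function executeAction(address target, uint256 value, bytes calldata data)
        external payable returns (bool success, bytes memory result)
    {
        // BUG: the caller's msg.value stays in this contract. With the check in
        // Executor this reverts for any value > 0; without it, the executor's
        // call{value: value} would spend its own balance until that runs short.
        (success, result) = executor.execute(target, value, data);
    }
}

// Fixed shape: check the caller paid what the action spends, then forward it.
contract CoreFixed {
    Executor public immutable executor;
    constructor() { executor = new Executor(address(this)); }

    function executeAction(address target, uint256 value, bytes calldata data)
        external payable returns (bool success, bytes memory result)
    {
        require(msg.value == value, "core: msg.value != value");
        // FIX: `{value: value}` moves the Ether into the executor with the call.
        (success, result) = executor.execute{value: value}(target, value, data);
    }
}
```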

Assessed type

ETH-Transfer

#0 - c4-pre-sort

2023-06-19T11:11:30Z

0xSorryNotSorry marked the issue as duplicate of #255

#1 - c4-pre-sort

2023-06-19T11:13:22Z

0xSorryNotSorry marked the issue as not a duplicate

#2 - c4-pre-sort

2023-06-19T11:15:59Z

0xSorryNotSorry marked the issue as duplicate of #247

#3 - c4-judge

2023-07-02T10:20:26Z

gzeon-c4 changed the severity to 2 (Med Risk)

#4 - c4-judge

2023-07-02T10:27:29Z

gzeon-c4 marked the issue as satisfactory
