Llama - Go-Langer's results

A governance system for onchain organizations.

General Information

Platform: Code4rena

Start Date: 06/06/2023

Pot Size: $60,500 USDC

Total HM: 5

Participants: 50

Period: 8 days

Judge: gzeon

Id: 246

League: ETH

Llama

Findings Distribution

Researcher Performance

Rank: 30/50

Findings: 1

Award: $54.53

🌟 Selected for report: 0

🚀 Solo Findings: 0

Findings Information

Awards

54.5276 USDC - $54.53

Labels

bug
2 (Med Risk)
downgraded by judge
satisfactory
duplicate-247

External Links

Lines of code

https://github.com/code-423n4/2023-06-llama/blob/aac904d31639c1b4b4e97f1c76b9c0f40b8e5cee/src/LlamaCore.sol#L317
https://github.com/code-423n4/2023-06-llama/blob/aac904d31639c1b4b4e97f1c76b9c0f40b8e5cee/src/LlamaExecutor.sol#L29

Vulnerability details

Impact

Any ETH that is expected to reach the executor as part of the delegatecall will not automatically be sent along with the call.

Proof of Concept

LlamaExecutor has an execute function, but it is not payable. When execute is invoked from executeAction, using either call or delegatecall, it does not automatically forward any value (ETH) that may have been sent to executeAction. Because execute is not payable, LlamaCore cannot attach msg.value to that call at all (a non-payable function reverts when called with value), so the ETH stays with the caller instead of reaching the executor.

Tools Used

Manual Review

Consider making the execute function in the Executor payable.

    function execute(address target, uint256 value, bool isScript, bytes calldata data)
        external
        payable
        returns (bool success, bytes memory result)
    {
        if (msg.sender != LLAMA_CORE) revert OnlyLlamaCore();
        // delegatecall cannot take a {value:} option: the delegated code already runs in
        // this contract's context, with this contract's balance and the same msg.value.
        // Only the plain call branch names an explicit amount.
        (success, result) = isScript ? target.delegatecall(data) : target.call{value: value}(data);
    }

    // Optional: lets the executor be funded directly as well.
    receive() external payable {}

By adding the payable modifier to the execute function, it becomes capable of receiving ETH along with the function call. Any received ETH that the inner call does not spend remains in the executor contract's balance.
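The behaviour described above, as an added example that is not part of the original finding or of the Llama code base: a hypothetical Core owns one executor of each kind and tries to forward its msg.value to each. The non-payable executor rejects the value (the low-level call returns false), while the payable executor accepts it and passes it on to the target. All contract names here (Treasury, NonPayableExecutor, PayableExecutor, Core) and the demo function are constructed for this illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;

// Constructed for this example: an action target that simply records ETH received.
contract Treasury {
    uint256 public received;

    receive() external payable {
        received += msg.value;
    }
}

// Executor in the shape the finding describes: execute() is NOT payable, so a core
// that attaches msg.value to the call gets a revert before any code runs.
contract NonPayableExecutor {
    address public immutable CORE;

    error OnlyCore();

    constructor(address core) {
        CORE = core;
    }

    function execute(address target, uint256 value, bool isScript, bytes calldata data)
        external
        returns (bool success, bytes memory result)
    {
        if (msg.sender != CORE) revert OnlyCore();
        (success, result) = isScript ? target.delegatecall(data) : target.call{value: value}(data);
    }
}

// The mitigation: execute() is payable, so ETH attached by the core arrives here and
// can be spent by the inner call. receive() lets the executor also be funded directly.
contract PayableExecutor {
    address public immutable CORE;

    error OnlyCore();

    constructor(address core) {
        CORE = core;
    }

    function execute(address target, uint256 value, bool isScript, bytes calldata data)
        external
        payable
        returns (bool success, bytes memory result)
    {
        if (msg.sender != CORE) revert OnlyCore();
        // delegatecall cannot take {value:}; the delegated code runs with this contract's
        // balance and the same msg.value, so only the call branch names the amount.
        (success, result) = isScript ? target.delegatecall(data) : target.call{value: value}(data);
    }

    receive() external payable {}
}

// Hypothetical core that owns one executor of each kind and forwards its msg.value.
contract Core {
    NonPayableExecutor public immutable nonPayable;
    PayableExecutor public immutable payableExec;

    constructor() {
        nonPayable = new NonPayableExecutor(address(this));
        payableExec = new PayableExecutor(address(this));
    }

    // Low-level call so the revert from the non-payable executor comes back as a flag
    // instead of bubbling up; both outcomes are then observable in one transaction.
    function forward(address executor, address target) internal returns (bool ok) {
        bytes memory payload = abi.encodeWithSelector(
            NonPayableExecutor.execute.selector, target, msg.value, false, bytes("")
        );
        (ok, ) = executor.call{value: msg.value}(payload);
    }

    // Call with some ETH attached. Expected: nonPayableOk == false (value rejected by a
    // non-payable function, ETH stays in Core), payableOk == true and treasuryGot == msg.value.
    function demo() external payable returns (bool nonPayableOk, bool payableOk, uint256 treasuryGot) {
        Treasury t = new Treasury();
        nonPayableOk = forward(address(nonPayable), address(t));
        payableOk = forward(address(payableExec), address(t));
        treasuryGot = t.received();
    }
}
```

The first forward fails without consuming the ETH, which is why the second forward can still send the full msg.value; in the real contracts the same property means ETH sent to a non-payable path is simply never delivered rather than lost in transit.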

Assessed type

ETH-Transfer

#0 - c4-pre-sort

2023-06-19T11:14:52Z

0xSorryNotSorry marked the issue as duplicate of #247

#1 - c4-judge

2023-07-02T10:20:25Z

gzeon-c4 changed the severity to 2 (Med Risk)

#2 - c4-judge

2023-07-02T10:31:16Z

gzeon-c4 marked the issue as satisfactory

AuditHub

A portfolio for auditors, a security profile for protocols, a hub for web3 security.

Built by malatrax © 2024
