Llama - Madalad's results

A governance system for onchain organizations.

General Information

Platform: Code4rena

Start Date: 06/06/2023

Pot Size: $60,500 USDC

Total HM: 5

Participants: 50

Period: 8 days

Judge: gzeon

Id: 246

League: ETH

Llama

Findings Distribution

Researcher Performance

Rank: 26/50

Findings: 1

Award: $54.53

🌟 Selected for report: 0

🚀 Solo Findings: 0

Findings Information

Awards

54.5276 USDC - $54.53

Labels

bug
2 (Med Risk)
satisfactory
duplicate-247

External Links

Lines of code

https://github.com/code-423n4/2023-06-llama/blob/aac904d31639c1b4b4e97f1c76b9c0f40b8e5cee/src/LlamaExecutor.sol#L29-L35

Vulnerability details

Impact

LlamaExecutor#execute is a function for making a delegate call to a target contract, with data and value defined as parameters by the user. However, the function is not payable, meaning it is not possible to pass ether when calling the function. Moreover, there does not exist a receive or payable fallback function in the contract. This makes the LlamaExecutor contract unable to receive ether and therefore unable to send ether with the call executed in the execute function.

Proof of Concept

  // @audit missing `payable` modifier
  function execute(address target, uint256 value, bool isScript, bytes calldata data)
    external
    returns (bool success, bytes memory result)
  {
    if (msg.sender != LLAMA_CORE) revert OnlyLlamaCore();
    (success, result) = isScript ? target.delegatecall(data) : target.call{value: value}(data);
  }

https://github.com/code-423n4/2023-06-llama/blob/aac904d31639c1b4b4e97f1c76b9c0f40b8e5cee/src/LlamaExecutor.sol#L29-L35

Tools Used

Manual review

Recommended Mitigation Steps

Add a payable modifier to LlamaExecutor#execute.

Assessed type

ETH-Transfer
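
The behaviour reported above can be reproduced with a small harness. This is an added example, not code from the submission or from the Llama repository: `ExecutorDemo`, `executePayable`, `Sink` and `CoreHarness` are hypothetical names, and only the body of `execute` mirrors the snippet quoted in the finding.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;

// Stand-in for the executor (hypothetical). It deliberately has no receive()
// and no payable fallback, matching the contract described in the finding.
contract ExecutorDemo {
  address public immutable LLAMA_CORE;
  error OnlyLlamaCore();

  constructor(address core) { LLAMA_CORE = core; }

  // As audited: same body as the quoted function, not payable.
  function execute(address target, uint256 value, bool isScript, bytes calldata data)
    external returns (bool success, bytes memory result)
  {
    if (msg.sender != LLAMA_CORE) revert OnlyLlamaCore();
    (success, result) = isScript ? target.delegatecall(data) : target.call{value: value}(data);
  }

  // The finding's recommendation applied (hypothetical name): identical body plus `payable`.
  function executePayable(address target, uint256 value, bool isScript, bytes calldata data)
    external payable returns (bool success, bytes memory result)
  {
    if (msg.sender != LLAMA_CORE) revert OnlyLlamaCore();
    (success, result) = isScript ? target.delegatecall(data) : target.call{value: value}(data);
  }
}

contract Sink { receive() external payable {} } // any ether-accepting target

// Plays the role of LLAMA_CORE. Call check() with at least 1 wei attached.
contract CoreHarness {
  ExecutorDemo public executor;
  Sink public sink;
  constructor() { executor = new ExecutorDemo(address(this)); sink = new Sink(); }

  function check() external payable
    returns (bool valueCallOk, bool plainSendOk, bool unfundedOk, bool patchedOk)
  {
    require(msg.value >= 1, "attach 1 wei");
    bytes memory noData;
    bytes memory asAudited = abi.encodeCall(ExecutorDemo.execute, (address(sink), 1, false, noData));
    // 1. Ether sent along with the non-payable execute: the compiler-inserted msg.value check reverts.
    (valueCallOk,) = address(executor).call{value: 1}(asAudited);
    // 2. Plain ether transfer: no receive() or payable fallback, so the transfer reverts.
    (plainSendOk,) = address(executor).call{value: 1}("");
    // 3. execute with value = 1 while the executor holds no ether: the inner call cannot be funded.
    (unfundedOk,) = executor.execute(address(sink), 1, false, noData);
    // 4. Payable variant: the attached wei reaches the executor and is forwarded to the target.
    (patchedOk,) = executor.executePayable{value: 1}(address(sink), 1, false, noData);
  }
}
```

Deploy `CoreHarness` on a local development chain and call `check()` with 1 wei; the first three flags report the failures described in the Impact section and the fourth reports the payable variant forwarding the value.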

#0 - c4-pre-sort

2023-06-19T11:11:23Z

0xSorryNotSorry marked the issue as duplicate of #255

#1 - c4-pre-sort

2023-06-19T11:13:18Z

0xSorryNotSorry marked the issue as not a duplicate

#2 - c4-pre-sort

2023-06-19T11:15:44Z

0xSorryNotSorry marked the issue as duplicate of #247

#3 - c4-judge

2023-07-02T10:29:15Z

gzeon-c4 marked the issue as satisfactory
