Platform: Code4rena
Start Date: 01/08/2023
Pot Size: $91,500 USDC
Total HM: 14
Participants: 80
Period: 6 days
Judge: gzeon
Total Solo HM: 6
Id: 269
League: ETH
Rank: 76/80
Findings: 1
Award: $12.88
🌟 Selected for report: 0
🚀 Solo Findings: 0
🌟 Selected for report: dd0x7e8
Also found by: Bughunter101, Fulum, Kaysoft, MatricksDeCoder, SanketKogekar, Sathish9098, T1MOH, Udsen, debo, fatherOfBlocks, grearlake, hpsb, j4ld1na, josephdara, parsely, pep7siup, piyushshukla, ravikiranweb3, shirochan
12.8772 USDC - $12.88
https://github.com/code-423n4/2023-08-goodentry/blob/71c0c0eca8af957202ccdbf5ce2f2a514ffe2e24/contracts/helper/V3Proxy.sol#L156
https://github.com/code-423n4/2023-08-goodentry/blob/71c0c0eca8af957202ccdbf5ce2f2a514ffe2e24/contracts/helper/V3Proxy.sol#L174
https://github.com/code-423n4/2023-08-goodentry/blob/71c0c0eca8af957202ccdbf5ce2f2a514ffe2e24/contracts/helper/V3Proxy.sol#L192
Tokens will get stuck in contract and will make incorrect transfers.
The tokens are transferred using the low-level call() function. It did not verify the return data from the call, which might cause the contract to wrongly assume that the transfer went well although it has actually failed silently in the background.
Manual
Add such type of check to each:
(bool status, bytes memory returnData) = target.call{value: msgValue}(callData);
require(status, checkRevertMessage(returnData));
call/delegatecall
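The unchecked and checked patterns this finding contrasts, as an added Solidity example that is not part of the submission or of the Good Entry code base. `PayoutExample`, `RejectingReceiver` and the body of `checkRevertMessage` are assumptions made for illustration; the submission names that helper but does not define it.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;

// Added illustration; all contract and function names here are hypothetical.
/// Receiver that rejects ETH, so a low-level call to it returns (false, revertData).
contract RejectingReceiver {
    receive() external payable { revert("no ETH accepted"); }
}

contract PayoutExample {
    mapping(address => uint256) public owed;

    function deposit(address to) external payable { owed[to] += msg.value; }

    /// Unchecked pattern: status is ignored, so a failed send still clears
    /// owed[to] and the ETH stays stranded in this contract.
    function payoutUnchecked(address to) external {
        uint256 amount = owed[to];
        owed[to] = 0;
        to.call{value: amount}(""); // compiler warning: return value not used
    }

    /// Checked pattern: a failed send reverts the whole transaction,
    /// which restores owed[to] and surfaces the callee's reason.
    function payoutChecked(address to) external {
        uint256 amount = owed[to];
        owed[to] = 0;
        (bool status, bytes memory returnData) = to.call{value: amount}("");
        // Decode only on failure; success data is not a revert payload.
        if (!status) revert(checkRevertMessage(returnData));
    }

    /// Decodes a standard Error(string) payload (4-byte selector + ABI string).
    /// Custom errors, Panic codes and empty data fall back to a fixed message.
    function checkRevertMessage(bytes memory returnData) internal pure returns (string memory) {
        if (returnData.length < 68 || bytes4(returnData) != bytes4(0x08c379a0)) return "call failed";
        assembly {
            returnData := add(returnData, 0x04) // skip the selector
        }
        return abi.decode(returnData, (string));
    }
}
```

With a `RejectingReceiver` as `to`, `payoutUnchecked` succeeds while zeroing the balance, whereas `payoutChecked` reverts with "no ETH accepted" and leaves `owed[to]` intact.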
#0 - c4-pre-sort
2023-08-09T02:05:20Z
141345 marked the issue as duplicate of #481
#1 - c4-pre-sort
2023-08-09T09:26:12Z
141345 marked the issue as duplicate of #83
#2 - c4-judge
2023-08-20T17:11:37Z
gzeon-c4 marked the issue as satisfactory