Rubicon contest - kenta's results

Lines of code

https://github.com/code-423n4/2022-05-rubicon/blob/main/contracts/RubiconRouter.sol#L356 https://github.com/code-423n4/2022-05-rubicon/blob/main/contracts/RubiconRouter.sol#L374 https://github.com/code-423n4/2022-05-rubicon/blob/main/contracts/RubiconRouter.sol#L434 https://github.com/code-423n4/2022-05-rubicon/blob/main/contracts/RubiconRouter.sol#L451 https://github.com/code-423n4/2022-05-rubicon/blob/main/contracts/RubiconRouter.sol#L491 https://github.com/code-423n4/2022-05-rubicon/blob/main/contracts/RubiconRouter.sol#L548

Vulnerability details

Impact

transfer is no longer recommended for sending Ether. Use call instead of transfer to send ETH.

Proof of Concept

https://github.com/code-423n4/2022-05-rubicon/blob/main/contracts/RubiconRouter.sol#L356 https://github.com/code-423n4/2022-05-rubicon/blob/main/contracts/RubiconRouter.sol#L374 https://github.com/code-423n4/2022-05-rubicon/blob/main/contracts/RubiconRouter.sol#L434 https://github.com/code-423n4/2022-05-rubicon/blob/main/contracts/RubiconRouter.sol#L451 https://github.com/code-423n4/2022-05-rubicon/blob/main/contracts/RubiconRouter.sol#L491 https://github.com/code-423n4/2022-05-rubicon/blob/main/contracts/RubiconRouter.sol#L548

Tools Used

code review (bool sent, ) = _to.call{value: _amount}(""); require(sent, "Failed to send Ether");

Lines of code

https://github.com/code-423n4/2022-05-rubicon/blob/main/contracts/RubiconRouter.sol#L202 https://github.com/code-423n4/2022-05-rubicon/blob/main/contracts/RubiconRouter.sol#L251 https://github.com/code-423n4/2022-05-rubicon/blob/main/contracts/RubiconRouter.sol#L274 https://github.com/code-423n4/2022-05-rubicon/blob/main/contracts/RubiconRouter.sol#L303 https://github.com/code-423n4/2022-05-rubicon/blob/main/contracts/RubiconRouter.sol#L320 https://github.com/code-423n4/2022-05-rubicon/blob/main/contracts/RubiconRouter.sol#L348 https://github.com/code-423n4/2022-05-rubicon/blob/main/contracts/RubiconRouter.sol#L377 https://github.com/code-423n4/2022-05-rubicon/blob/main/contracts/RubiconRouter.sol#L406 https://github.com/code-423n4/2022-05-rubicon/blob/main/contracts/RubiconRouter.sol#L419 https://github.com/code-423n4/2022-05-rubicon/blob/main/contracts/RubiconRouter.sol#L471 https://github.com/code-423n4/2022-05-rubicon/blob/main/contracts/RubiconRouter.sol#L486

Vulnerability details

Impact

The return value of ERC20 transfer and transferFrom must be checked whether the operation succeeded. You can also use SafeERC20 instead of checking the return value.

Proof of Concept

https://github.com/code-423n4/2022-05-rubicon/blob/main/contracts/RubiconRouter.sol#L202 https://github.com/code-423n4/2022-05-rubicon/blob/main/contracts/RubiconRouter.sol#L251 https://github.com/code-423n4/2022-05-rubicon/blob/main/contracts/RubiconRouter.sol#L274 https://github.com/code-423n4/2022-05-rubicon/blob/main/contracts/RubiconRouter.sol#L303 https://github.com/code-423n4/2022-05-rubicon/blob/main/contracts/RubiconRouter.sol#L320 https://github.com/code-423n4/2022-05-rubicon/blob/main/contracts/RubiconRouter.sol#L348 https://github.com/code-423n4/2022-05-rubicon/blob/main/contracts/RubiconRouter.sol#L377 https://github.com/code-423n4/2022-05-rubicon/blob/main/contracts/RubiconRouter.sol#L406 https://github.com/code-423n4/2022-05-rubicon/blob/main/contracts/RubiconRouter.sol#L419 https://github.com/code-423n4/2022-05-rubicon/blob/main/contracts/RubiconRouter.sol#L471 https://github.com/code-423n4/2022-05-rubicon/blob/main/contracts/RubiconRouter.sol#L486

Tools Used

code review

Recommended Mitigation Steps

require(IERC20().transfer(), "ERROR_MESSAGE"); require(IERC20().transferFrom(), "ERROR_MESSAGE");