Good Entry - parsely's results

The best day trading platform to make every trade entry a Good Entry.

General Information

Platform: Code4rena

Start Date: 01/08/2023

Pot Size: $91,500 USDC

Total HM: 14

Participants: 80

Period: 6 days

Judge: gzeon

Total Solo HM: 6

Id: 269

League: ETH


Researcher Performance

Rank: 75/80

Findings: 1

Award: $12.88

🌟 Selected for report: 0

🚀 Solo Findings: 0

Awards

12.8772 USDC - $12.88

Labels

bug
2 (Med Risk)
satisfactory
duplicate-83

External Links

Lines of code

https://github.com/code-423n4/2023-08-goodentry/blob/main/contracts/helper/V3Proxy.sol#L147-L158
https://github.com/code-423n4/2023-08-goodentry/blob/main/contracts/helper/V3Proxy.sol#L160-L176
https://github.com/code-423n4/2023-08-goodentry/blob/main/contracts/helper/V3Proxy.sol#L178-L194

Vulnerability details

Impact

Although this is similar to known findings M-14 (link to known findings M-14), M-14 refers to a different contract (GeVault.sol), only has one instance indicated which is in that contract, and does not actually reference the .call function but the .deposit function of WETH. The return value from the low-level calls to return any funds to the msg.sender after the swap function is not checked and can lead to loss of funds for the msg.sender if the call fails.

payable(msg.sender).call{value: amountOut}("");

Tools Used

Manual Audit

Check for success on the call.

(bool success,) = payable(msg.sender).call{value: amountOut}("");
require(success, "Return of funds failed");

Assessed type

call/delegatecall
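
The failure mode described in this finding, shown as an added example that is not code from V3Proxy.sol or from the submission: a caller contract that rejects ETH calls the unchecked and the checked refund pattern side by side. `RejectingCaller`, `RefundDemo` and their function names are hypothetical, and `msg.value` stands in for the swap output `amountOut`.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;

// Added illustration; all contract and function names here are hypothetical.

/// Caller whose receive() always reverts, so any plain ETH transfer to it fails.
contract RejectingCaller {
    receive() external payable {
        revert("no ETH accepted");
    }

    // Forwards msg.value to the demo and expects it to be sent straight back.
    function run(RefundDemo demo, bool checked) external payable {
        if (checked) {
            demo.refundChecked{value: msg.value}();
        } else {
            demo.refundUnchecked{value: msg.value}();
        }
    }
}

/// Stand-in for the "return amountOut to msg.sender" step after a swap.
contract RefundDemo {
    // Pattern from the finding: the bool returned by call is discarded.
    // When the transfer fails, execution continues, the transaction succeeds,
    // and the ETH stays in this contract instead of reaching the caller.
    function refundUnchecked() external payable {
        uint256 amountOut = msg.value; // assumption: stands in for the swap output
        payable(msg.sender).call{value: amountOut}("");
    }

    // Mitigation from the finding: revert when the transfer fails, so the
    // whole transaction is rolled back and the original sender keeps the funds.
    function refundChecked() external payable {
        uint256 amountOut = msg.value; // assumption: stands in for the swap output
        (bool success, ) = payable(msg.sender).call{value: amountOut}("");
        require(success, "Return of funds failed");
    }
}
```

Calling `run(demo, false)` with 1 ether completes without reverting and leaves that ether held by `RefundDemo`; `run(demo, true)` reverts with "Return of funds failed" and no balance changes.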

#0 - c4-pre-sort

2023-08-10T05:44:32Z

141345 marked the issue as duplicate of #481

#1 - c4-pre-sort

2023-08-10T06:02:54Z

141345 marked the issue as duplicate of #83

#2 - c4-judge

2023-08-20T17:11:34Z

gzeon-c4 marked the issue as satisfactory
