Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Missing return value check in approve for approveToken function call #175

Closed
code423n4 opened this issue Feb 2, 2022 · 2 comments
Closed

Missing return value check in approve for approveToken function call #175

code423n4 opened this issue Feb 2, 2022 · 2 comments
Labels
0 (Non-critical) Code style, clarity, syntax, versioning, off-chain monitoring (events etc), exclude gas optimisation bug Something isn't working duplicate This issue or pull request already exists

Comments

@code423n4
Copy link
Contributor

Handle

SolidityScan

Vulnerability details

Description

The Return value of the external call is never checked and therefore may have issues if the external call is not successful.

Impact

Missing return value validations may have varied impacts on the smart contract depending upon the function logic. The function in which the external call is being called may fail and give inconsistent results.

PoC

Proof of Concept

The function approveToken at
https://github.com/code-423n4/2022-01-notional/blob/main/contracts/TreasuryManager.sol#L78-L80
does not handle the return statement for the call approve.
An approve call always returns true or false which is not handed in the function.

Recommended Mitigation Steps

Ideally, it is recommended to store the return value of the external call and validate it to see if the call failed or succeeded.
@code423n4 code423n4 added 1 (Low Risk) Assets are not at risk. State handling, function incorrect as to spec, issues with comments bug Something isn't working labels Feb 2, 2022
code423n4 added a commit that referenced this issue Feb 2, 2022
@code423n4
SolidityScan issue #175
c739ee9
@jeffywu jeffywu added the duplicate This issue or pull request already exists label Feb 6, 2022
@jeffywu
Copy link
Collaborator

jeffywu commented Feb 6, 2022

Duplicate #146

@pauliax
Copy link
Collaborator

pauliax commented Feb 12, 2022

A duplicate of #115

@pauliax pauliax added 0 (Non-critical) Code style, clarity, syntax, versioning, off-chain monitoring (events etc), exclude gas optimisation and removed 1 (Low Risk) Assets are not at risk. State handling, function incorrect as to spec, issues with comments labels Feb 12, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
0 (Non-critical) Code style, clarity, syntax, versioning, off-chain monitoring (events etc), exclude gas optimisation bug Something isn't working duplicate This issue or pull request already exists
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@jeffywu @pauliax @code423n4 @CloudEllie