Sparkn

CodeFox Inc.
DeFiFoundryProxy
15,000 USDC
Submission Details
Severity: low

Gas griefing/theft is possible on an unsafe external call

Summary

A low-level call will copy any amount of bytes to local memory. When bytes are copied from returndata to memory, the memory expansion cost is paid. This means that when using a standard Solidity call, the callee can returnbomb the caller, imposing an arbitrary gas cost. Because this gas is paid by the caller and in the caller's context, it can cause the caller to run out of gas and halt execution.

Vulnerability Details

Instances (1):
File: ProxyFactory.sol

250: (bool success,) = proxy.call(data);

Impact

Tools Used

manual audit

Recommendations

Consider replacing all unsafe calls with excessivelySafeCall.
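
The bounded-call pattern this recommendation points to, shown beside the flagged call as an added example; it is not the ProxyFactory source and not the ExcessivelySafeCall library's own code. `BoundedCall`, `boundedCall`, `Forwarder`, `gasLimit` and `maxCopy` are hypothetical names chosen for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Added example: not the ProxyFactory source, not the ExcessivelySafeCall library.
library BoundedCall {
    /// Calls `target` and copies at most `maxCopy` bytes of returndata into memory.
    /// `gasLimit` and `maxCopy` are chosen by the caller (hypothetical parameters).
    function boundedCall(address target, uint256 gasLimit, uint16 maxCopy, bytes memory data)
        internal
        returns (bool success, bytes memory ret)
    {
        uint256 toCopy;
        ret = new bytes(maxCopy); // buffer size is fixed by the caller, not the callee
        assembly {
            // Output offset and length are 0, so CALL itself writes nothing to memory.
            success := call(gasLimit, target, 0, add(data, 0x20), mload(data), 0, 0)
            toCopy := returndatasize()
            if gt(toCopy, maxCopy) { toCopy := maxCopy }
            mstore(ret, toCopy) // shrink length to the bytes actually copied
            returndatacopy(add(ret, 0x20), 0, toCopy)
        }
    }
}

contract Forwarder {
    // Before: the pattern flagged above. The page's finding is that the callee's
    // returndata is copied to memory at the caller's expense, whatever its size.
    function unsafeForward(address proxy, bytes calldata data) external returns (bool success) {
        (success,) = proxy.call(data);
    }

    // After: maxCopy = 0 discards returndata entirely, so memory expansion cost
    // no longer depends on what the callee returns.
    function boundedForward(address proxy, uint256 gasLimit, bytes calldata data)
        external
        returns (bool success)
    {
        (success,) = BoundedCall.boundedCall(proxy, gasLimit, 0, data);
    }
}
```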
