Ethereum provides the low-level functions call, delegatecall, and staticcall for interacting with other smart contracts or accounts on the Ethereum blockchain. When you use these functions and the account you are trying to interact with does not exist, they still return true as their first return value. This is by design in the Ethereum Virtual Machine (EVM).
    function _distribute(address proxy, bytes calldata data) internal {
        (bool success,) = proxy.call(data);
        if (!success) revert ProxyFactory__DelegateCallFailed();
        emit Distributed(proxy, data);
    }
This behavior can have implications, particularly when transferring funds or assets between contracts or accounts. If you attempt to transfer funds to a non-existent account using one of these low-level functions, the function will still return true, indicating that the transaction was successful, even though no actual transfer occurred. This situation can result in funds seemingly "disappearing" since there is no error message or indication of the transfer failure.
As written in the Solidity documentation, the low-level functions call, delegatecall and staticcall return true as their first return value if the account called is non-existent, as part of the design of the EVM. Account existence must be checked prior to calling if needed.
Please find the documentation here: https://docs.soliditylang.org/en/develop/control-structures.html#error-handling-assert-require-revert-and-exceptions
Manual Review
Before any low-level call, check that the address actually exists. For example, before the low-level call in the _distribute function, you can check that the address is a contract by checking its code size.
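One way to apply this check, shown as an added example and not the audited project's code: the unchecked function mirrors `_distribute` from the finding, and the checked variant rejects a target with no deployed code before calling it. The contract name `DistributeExample`, the error `Example__ProxyHasNoCode`, the event parameter layout and the pragma version are assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.18; // assumed compiler version; address.code needs a recent 0.8.x

/// Added illustration of the recommendation; not the audited contract.
contract DistributeExample {
    // Error name as it appears in the finding's snippet.
    error ProxyFactory__DelegateCallFailed();
    // Hypothetical error introduced for this example.
    error Example__ProxyHasNoCode(address proxy);

    // Event name from the finding; the parameter layout is assumed.
    event Distributed(address indexed proxy, bytes data);

    /// Same logic as the finding's _distribute. If `proxy` has no code,
    /// the call runs nothing, `success` is true, and Distributed is
    /// emitted even though no distribution logic executed.
    function distributeUnchecked(address proxy, bytes calldata data) external {
        (bool success,) = proxy.call(data);
        if (!success) revert ProxyFactory__DelegateCallFailed();
        emit Distributed(proxy, data);
    }

    /// Hardened variant: refuse to call an address with no deployed code.
    function distributeChecked(address proxy, bytes calldata data) external {
        // code.length is 0 for externally owned accounts, for addresses
        // where nothing has been deployed yet, and for a contract whose
        // constructor is still running.
        if (proxy.code.length == 0) revert Example__ProxyHasNoCode(proxy);

        (bool success,) = proxy.call(data);
        if (!success) revert ProxyFactory__DelegateCallFailed();
        emit Distributed(proxy, data);
    }
}
```

Calling `distributeUnchecked` with an address that holds no code emits `Distributed`, while `distributeChecked` reverts with `Example__ProxyHasNoCode` for the same input.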