Sparkn

CodeFox Inc.
DeFiFoundryProxy
15,000 USDC
Submission Details
Severity: high

Using proxy.call(data) construct to perform a delegate call to a target contract.

Summary

When calling a contract using either `delegatecall` or `call`, make sure a failure reverts; otherwise you might not realize that an error occurred and might continue executing as if everything is fine.

Vulnerability Details

Delegate calls are a powerful way to interact with other contracts, but they don't inherently propagate reverts from the target contract to the calling contract. This means that if the `delegatecall` or `call` encounters a revert in the target contract, the calling contract might not be aware of it, leading to unexpected behavior or results.

Impact

Without proper revert propagation, your contract might make incorrect decisions based on the assumption of successful delegate calls. By implementing the recommended changes, you ensure that any issues or reverts in the target contract are immediately reflected in the calling contract, maintaining the integrity of your contract's logic.

Tools Used

VSCode, Remix

Recommendations

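```solidity
// Reject the zero address before making the call.
if (proxy == address(0)) {
    revert("Invalid proxy");
}

(bool success, bytes memory returnData) = proxy.delegatecall(data);
if (!success) {
    // Re-throw the target's revert data: skip the 32-byte length word
    // and revert with mload(returnData) bytes.
    assembly {
        revert(add(returnData, 32), mload(returnData))
    }
}
```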

I use proxy.delegatecall(data) instead of proxy.call(data). The delegatecall returns a boolean success value and a data field.
If the delegatecall encounters a revert in the target contract, the success value will be false, and the data field will contain the revert reason.

I then use assembly to extract the revert reason from the data field and revert the execution of the calling contract with the same reason. This ensures that any revert that happens in the target contract is properly propagated to the calling contract.
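
The silent-failure case and the revert propagation described above, side by side, as an added example that is not part of the submission or the audited code base. It goes beyond the snippet by also handling empty revert data and a target with no code (for which a low-level call reports success), and it keeps `call` rather than `delegatecall` so the target still runs against its own storage. All contract and function names are hypothetical.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.18;

// Constructed target used only to trigger the two failure shapes.
contract RevertingTarget {
    function fail() external pure {
        revert("target failed");
    }

    function failSilently() external pure {
        revert(); // reverts with empty return data
    }
}

contract Forwarder {
    uint256 public completed; // calls the forwarder believes succeeded

    // Weak form: the success flag is discarded (the compiler only warns),
    // so a revert in the target is swallowed and `completed` still increments.
    function forwardUnchecked(address target, bytes calldata data) external {
        target.call(data);
        completed++;
    }

    // Hardened form: any failure in the target aborts this call as well.
    function forwardChecked(address target, bytes calldata data)
        external
        returns (bytes memory)
    {
        // A low-level call to an account without code returns success == true.
        require(target.code.length > 0, "target has no code");

        (bool success, bytes memory returnData) = target.call(data);
        if (!success) {
            // Nothing to bubble up when the target reverted without data.
            if (returnData.length == 0) revert("call failed without reason");
            // Re-throw the target's own revert data unchanged.
            assembly {
                revert(add(returnData, 32), mload(returnData))
            }
        }
        completed++;
        return returnData;
    }
}
```

Calling `forwardUnchecked` with the calldata for `fail()` completes and increments `completed`, while `forwardChecked` with the same input reverts with "target failed" and leaves the counter untouched.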
