Sparkn

CodeFox Inc.

DeFiFoundryProxy

15,000 USDC

View results

Previous Next

Submission Details

Severity: low

Incorrect Error Handling for Mapping Access

kaveyjoe

Description:

The _distribute function in the ProxyFactory contract uses a delegate call to execute logic on a proxy contract. However, the success of a delegate call is not accurately checked, leading to potential misunderstandings about the outcome of the delegate call.

Impact:

This incorrect error handling could lead to developers and users wrongly assuming the success or failure of the delegate call, which may cause unintended consequences when interacting with the contract.

Proof of Concept:

Deploy the ProxyFactory contract.
Deploy a proxy contract that reverts during a delegate call.
Call the _distribute function on the ProxyFactory contract with the proxy contract address.
The delegate call will fail, but the contract may not capture the failure due to the incorrect success check.

Recommendation:

Use the abi.decode function to interpret the return data from the delegate call and properly handle success or failure. Since the delegate call will revert in case of an exception, the direct success check isn't necessary.

Prize pool breakdown

Total prize

15,000 USDC

nSLOC

194

77 USDC / LOC

High Medium

14,000 USDC

Low

1,000 USDC

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.