The _distribute function in the ProxyFactory contract uses a delegate call to execute logic on a proxy contract. However, the success of a delegate call is not accurately checked, leading to potential misunderstandings about the outcome of the delegate call.
This incorrect error handling could lead to developers and users wrongly assuming the success or failure of the delegate call, which may cause unintended consequences when interacting with the contract.
Deploy the ProxyFactory contract.
Deploy a proxy contract that reverts during a delegate call.
Call the _distribute function on the ProxyFactory contract with the proxy contract address.
The delegate call will fail, but the contract may not capture the failure due to the incorrect success check.
Use the abi.decode function to interpret the return data from the delegate call and properly handle success or failure. Since the delegate call will revert in case of an exception, the direct success check isn't necessary.
The contest is live. Earn rewards by submitting a finding.
This is your time to appeal against judgements on your submissions.
Appeals are being carefully reviewed by our judges.