DittoETH

Ditto

DeFiFoundryOracle

55,000 USDC

View results

Previous Next

Submission Details

Severity: medium

Invalid

Require should be used instead of assert.

0x7

Summary

require should be used instead of assert.

assert Statement:

Purpose: The primary purpose of assert is to check for conditions that should never be false. It is used to identify programming errors or bugs in your code.

Behavior: When an assert statement evaluates to false, it indicates a critical error or bug in your code. It will trigger an exception or error, causing the execution of the program (or the contract) to halt.

Usage: assert is typically used to catch and prevent situations that should never occur in a well-functioning program. It is often used for internal consistency checks.

require Statement:

Purpose: The primary purpose of require is to check for valid conditions or inputs provided by users or external systems. It is used to ensure that the requirements for a function's execution are met.

Behavior: When a require statement evaluates to false, it signifies an invalid input or condition provided by the caller. It will trigger an exception and revert the transaction or operation, undoing any state changes.

Usage: require is typically used to validate inputs and ensure that a function can execute safely. It is often used for user input validation and preconditions.

Vulnerability Details

function unstake(address to, uint256 amount) external onlyDiamond {
IRocketTokenRETH rocketETHToken = _getRethContract();
uint256 rethValue = rocketETHToken.getRethValue(amount);
uint256 originalBalance = address(this).balance;
rocketETHToken.burn(rethValue);
uint256 netBalance = address(this).balance - originalBalance;
if (netBalance == 0) revert NetBalanceZero();
(bool sent,) = to.call{value: netBalance}("");
//@audit use require instead of assert;
assert(sent);
}
assert can't be used here

Impact

suppose when the transaction has failed it leads to critical error

Tools Used

manual

Recommendations

use require instead of assert.
function unstake(address to, uint256 amount) external onlyDiamond {
IRocketTokenRETH rocketETHToken = _getRethContract();
uint256 rethValue = rocketETHToken.getRethValue(amount);
uint256 originalBalance = address(this).balance;
rocketETHToken.burn(rethValue);
uint256 netBalance = address(this).balance - originalBalance;
if (netBalance == 0) revert NetBalanceZero();
(bool sent,) = to.call{value: netBalance}("");
-- assert(sent);
++require(sent,"transaction failed");
}

Updates

Lead Judging Commences

0xnevi Lead Judge

almost 2 years ago

0xnevi Lead Judge almost 2 years ago

Submission Judgement Published

Invalidated

Reason: Gas optimizations

Prize pool breakdown

Total prize

55,000 USDC

nSLOC

3,365

16 USDC / LOC

High Medium

50,000 USDC

Low

5,000 USDC

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.