require()/revert() should be used instead of assert()
Summary
Prior to solidity version 0.8.0, hitting an assert consumes the remainder of the transaction’s available gas rather than returning it, as require()/revert() do. assert() should be avoided even past solidity version 0.8.0 as its documentation states that “The assert function creates an error of type Panic(uint256). … Properly functioning code should never create a Panic, not even on invalid external input. If this happens, then there is a bug in your contract which you should fix”.
Vulnerability Details
https://github.com/Cyfrin/2023-09-ditto/blob/main/contracts/bridges/BridgeReth.sol#L106
https://github.com/Cyfrin/2023-09-ditto/blob/main/contracts/libraries/LibAsset.sol#L16
https://github.com/Cyfrin/2023-09-ditto/blob/main/contracts/facets/MarginCallSecondaryFacet.sol#L87
Impact
The assert function creates an error of type Panic(uint256). … Properly functioning code should never create a Panic, not even on invalid external input
Tools Used
Manual Review
Recommendations
require()/revert() should be used instead of assert().
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.