Steadefi

DeFi, Hardhat, Foundry, Oracle
35,000 USDC
Submission Details
Severity: high
Invalid

Unchecked Returns of external function calls will cause inconsistent contract state

Summary

The GMXDeposit contract does not check the return values of multiple external function calls, including functions such as safeTransfer and deposit. Failing to check return values can lead to unexpected behavior if these functions fail. Proper error handling is essential to ensure the contract's reliability and security.

Vulnerability Details

  • In the deposit function, the code does not check the return value of safeTransfer. If the transfer operation fails (e.g., due to out-of-gas or other issues), the contract does not handle this failure, potentially leaving the contract in an inconsistent state.

IERC20(dp.token).safeTransferFrom(msg.sender, address(this), dp.amt);

  • Similar issues can be found in various parts of the contract where external function calls are not properly checked for success.

Impact

It may result in assets being locked in the contract without proper accounting, leading to loss of funds and potential disruptions in the contract's functionality.

Tools Used

Foundry, manual code review

Recommendations

Check the return values of external function calls and take appropriate actions if a function call fails.

if (!IERC20(dp.token).safeTransferFrom(msg.sender, address(this), dp.amt)) {
    revert("Transfer failed");
}

Implement a comprehensive error-handling strategy that covers different failure scenarios, ensuring that the contract remains in a consistent and secure state even in the presence of unexpected errors.

Updates

Lead Judging Commences

hans Lead Judge over 1 year ago
Submission Judgement Published
Invalidated
Reason: Incorrect statement
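
For reference when triaging reports like this one, the sketch below is an added example, not code from the submission or from Steadefi. It shows how a SafeERC20-style wrapper behaves, on the assumption that the `safeTransferFrom` in the quoted line comes from such a library (as with OpenZeppelin's SafeERC20): the wrapper has no return value and reverts on failure, so the caller has nothing to check. `SafeTransferSketch`, `FalseReturningToken` and `DepositSketch` are hypothetical names constructed for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

interface IERC20 {
    function transferFrom(address from, address to, uint256 amt) external returns (bool);
}

// Simplified re-implementation of the SafeERC20 pattern (illustrative, not OpenZeppelin's source).
library SafeTransferSketch {
    error SafeTransferFailed(address token);

    // No return value: the call either succeeds or the transaction reverts.
    function safeTransferFrom(IERC20 token, address from, address to, uint256 amt) internal {
        (bool ok, bytes memory ret) = address(token).call(
            abi.encodeCall(IERC20.transferFrom, (from, to, amt))
        );
        // Fail if the low-level call reverted, if the token returned false,
        // or if nothing came back because the target has no code.
        bool returnedFalse = ret.length != 0 && !abi.decode(ret, (bool));
        bool notAContract = ret.length == 0 && address(token).code.length == 0;
        if (!ok || returnedFalse || notAContract) {
            revert SafeTransferFailed(address(token));
        }
    }
}

// Constructed token that signals failure by returning false instead of reverting.
contract FalseReturningToken {
    function transferFrom(address, address, uint256) external pure returns (bool) {
        return false;
    }
}

contract DepositSketch {
    using SafeTransferSketch for IERC20;

    uint256 public deposited;

    function deposit(address token, uint256 amt) external {
        IERC20(token).safeTransferFrom(msg.sender, address(this), amt);
        // Reached only when the transfer succeeded; with FalseReturningToken the
        // call above reverts and this accounting update is rolled back with it.
        deposited += amt;
    }

    // The check below would not compile against this library: the wrapper
    // returns nothing, so there is no bool for `!` to negate.
    // if (!IERC20(token).safeTransferFrom(msg.sender, address(this), amt)) { revert("Transfer failed"); }
}
```

Calling `deposit` with a deployed `FalseReturningToken` reverts with `SafeTransferFailed`, and `deposited` stays at zero.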
