using a try catch in that way could introduce some DOS attacks as it gives it the power to affect the execution of our smart contract in case of errors. Malicious users could try to set some return values and have those affect the system
we have to make this in such a way that when a transaction fails we are not going to allow it to affect execution of our contract in any way we just want to try catch it and if it fails we set our status and emit an event
execution of the contract will be affected in cases where we get unexpected errors as a malicious user could exploit this catch clause. a malicious user will say try to set the return value to something else that is not bytes say uint and have it affect the system
other instances
https://github.com/Cyfrin/2023-10-SteadeFi/blob/main/contracts/strategy/gmx/GMXRebalance.sol#L114
https://github.com/Cyfrin/2023-10-SteadeFi/blob/main/contracts/strategy/gmx/GMXRebalance.sol#L234
manual analysis
please not that this finding was inspired by Owen Thurm in his new advanced web 3 security course below is an excerpt where he talked of how this could cause DOS attacks
https://www.youtube.com/watch?v=DRZogmD647U&t=5186s
since you are not expecting to use any return values in this case, I would suggest your implementation to look like this
The contest is live. Earn rewards by submitting a finding.
This is your time to appeal against judgements on your submissions.
Appeals are being carefully reviewed by our judges.