Summary

using a try catch in that way could introduce some DOS attacks as it gives it the power to affect the execution of our smart contract in case of errors. Malicious users could try to set some return values and have those affect the system

Vulnerability Details

we have to make this in such a way that when a transaction fails we are not going to allow it to affect execution of our contract in any way we just want to try catch it and if it fails we set our status and emit an event

Impact

execution of the contract will be affected in cases where we get unexpected errors as a malicious user could exploit this catch clause. a malicious user will say try to set the return value to something else that is not bytes say uint and have it affect the system

other instances
https://github.com/Cyfrin/2023-10-SteadeFi/blob/main/contracts/strategy/gmx/GMXRebalance.sol#L114

https://github.com/Cyfrin/2023-10-SteadeFi/blob/main/contracts/strategy/gmx/GMXRebalance.sol#L234

Tools Used

manual analysis

Recommendations

please not that this finding was inspired by Owen Thurm in his new advanced web 3 security course below is an excerpt where he talked of how this could cause DOS attacks

https://www.youtube.com/watch?v=DRZogmD647U&t=5186s

since you are not expecting to use any return values in this case, I would suggest your implementation to look like this