First Flight #4: Boss Bridge
First Flight #4
Beginner FriendlyFoundryBridge
100 EXP
View results
Previous Next
Submission Details
Severity: medium
Invalid

The return value of an external call is not stored in a local or state variable

imth3ak

Summary

the function approveTo ignores the return value of the approve method, which could be a potential bug.

Vulnerability Details

Source Link:- https://github.com/Cyfrin/2023-11-Boss-Bridge/blob/dad104a9f481aace15a550cf3113e81ad6bdf061/src/L1Vault.sol#L19-L21

function approveTo(address target, uint256 amount) external onlyOwner {
@> token.approve(target, amount);
}

Impact

The impact of the issue is that the function approveTo could fail silently if the approve method returns false, which could indicate a problem with the token contract or the target address. This could result in an inconsistent state of the token balances and allowances, and cause unexpected behavior in the future. Therefore, it is important to use the return value of the function calls and check if they are valid.

Tools Used

  • slither

Recommendations

Ensure that all the return values of the function calls are used.

- token.approve(target, amount);
+ bool success = token.approve(target, amount); // Store the return value of approve
+ require(success, "L1Vault__ApproveFailed"); // Check if it is true
Updates

Lead Judging Commences

0xnevi Lead Judge
almost 2 years ago
0xnevi Lead Judge almost 2 years ago
Submission Judgement Published
Invalidated
Reason: Other

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.