stake.link

DeFi, Hardhat, Bridge
27,500 USDC
Submission Details
Severity: high
Invalid

Unchecked Return Values

Summary

Unchecked return values in distributeRewards() function

Vulnerability Details

In the distributeRewards() function, the return value of ISDLPoolPrimary(sdlPool).withdrawRewards(tokens); is not checked.

Impact

In the distributeRewards() function, the function ISDLPoolPrimary(sdlPool).withdrawRewards(tokens); is called without checking its return value. If this function call fails for any reason (e.g., due to a bug in the external contract or because of an error condition), the distributeRewards() function would continue executing as if nothing went wrong, potentially leading to incorrect state updates or other issues.

Recommendations

Always check the return value of external calls. If the function returns a boolean, you can use a require statement to ensure that the call was successful. If the function returns an error code, you can decode the returned data and handle different error codes appropriately.

function distributeRewards() external onlyRewardsInitiator {
    uint256 totalRESDL = ISDLPoolPrimary(sdlPool).effectiveBalanceOf(address(this));
    address[] memory tokens = ISDLPoolPrimary(sdlPool).supportedTokens();
    uint256 numDestinations = whitelistedChains.length;
    // Check the return value of the withdrawRewards call
    (bool success, bytes memory data) = address(ISDLPoolPrimary(sdlPool)).call(
        abi.encodeWithSignature("withdrawRewards(address[])", tokens)
    );
    require(success, "withdrawRewards call failed");
    // Rest of the function...
}

Updates

Lead Judging Commences

0kage Lead Judge over 1 year ago
Submission Judgement Published
Invalidated
Reason: Incorrect statement
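
Added example, not part of the submission or the stake.link code base: the two call styles discussed above, side by side, showing how each behaves when the callee reverts. IPool, MockPool, Distributor and all function names other than withdrawRewards are hypothetical stand-ins, and withdrawRewards is assumed here to return no value.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.15;

// Hypothetical stand-ins for this example; not the stake.link contracts.
interface IPool {
    function withdrawRewards(address[] calldata tokens) external;
}

contract MockPool is IPool {
    bool public shouldFail;
    uint256 public withdrawals;

    function setShouldFail(bool fail) external { shouldFail = fail; }

    function withdrawRewards(address[] calldata) external override {
        require(!shouldFail, "pool: withdraw failed");
        withdrawals++;
    }
}

contract Distributor {
    IPool public immutable pool;
    uint256 public distributions;

    constructor(IPool _pool) { pool = _pool; }

    // High-level call through the interface type: a revert in the pool
    // bubbles up and rolls back this whole call, so the increment below
    // is never reached on failure. There is no success flag to check.
    function distributeHighLevel(address[] calldata tokens) external {
        pool.withdrawRewards(tokens);
        distributions++;
    }

    // Low-level call: failure is reported through `success` instead of
    // reverting, and a call to an address without code reports success,
    // so both conditions have to be checked explicitly.
    function distributeLowLevel(address[] calldata tokens) external {
        require(address(pool).code.length > 0, "pool has no code");
        (bool success, bytes memory data) = address(pool).call(
            abi.encodeWithSelector(IPool.withdrawRewards.selector, tokens)
        );
        if (!success) {
            // Re-raise the callee's revert data so the original reason is kept.
            assembly { revert(add(data, 32), mload(data)) }
        }
        distributions++;
    }
}
```

With setShouldFail(true) on the mock, both distribute functions revert with "pool: withdraw failed" and distributions stays unchanged.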
