stake.link
DeFi / Hardhat / Bridge
27,500 USDC
Submission Details
Severity: low
Status: Invalid

HANDLING RETURN VALUES CORRECTLY WHEN MAKING EXTERNAL CALLS, ESPECIALLY IN TOKEN TRANSACTIONS, AVOIDS UNDESIRED BEHAVIORS IN A SMART CONTRACT

Summary

Handling return values correctly when making external calls, especially in token transactions, avoids undesired behaviors in a smart contract.

contracts/core/ccip/base/SDLPoolCCIPController.sol#52
contracts/core/ccip/base/SDLPoolCCIPController.sol#53
contracts/core/ccip/SDLPoolCCIPControllerPrimary.sol#74
contracts/core/ccip/WrappedTokenBridge.sol#71
contracts/core/ccip/WrappedTokenBridge.sol#72
contracts/core/ccip/WrappedTokenBridge.sol#73

There are two similar vulnerabilities in the constructor of the SDLPoolCCIPController contract, specifically in lines 52-53. Both lines of code are related to calls to the approve function of token contracts, but with different tokens (linkToken and sdlToken) in each case.

Vulnerability Details

The vulnerability in both situations is identical: after making the external call to approve, the return value of the function is not stored in any local or state variable in the contract.

When making external function calls in Ethereum, especially in token contracts, it is crucial to handle and verify return values. These values can indicate whether the operation was successful or if an error occurred during execution.

Impact

The lack of return value handling can lead to issues if approval is not carried out correctly, resulting in malfunctions or unexpected errors in the contract. For example, if approval fails due to a token restriction or other reasons, the contract may continue its execution assuming that approval was successful, potentially resulting in undesired behaviors.

Tools Used

Audit Wizard, Slither, ChatGPT, Manual Review

Recommendations

Capture the return value: After making the approve call, it is essential to capture the return value in a local or state variable in the contract.

Verify the return value: After the call, check that the returned value indicates the approval succeeded. If it does not, take the action the contract's design calls for, such as reverting the transaction or handling the error explicitly.

Handling return values from external calls is crucial to ensure the safe and correct operation of a smart contract, allowing for the detection and proper handling of potential errors or failures during the execution of external functions.
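The following is an added illustration of the recommendation above; it is not code from the stake.link repository. It places the unchecked `approve` pattern the report describes (constructed here with the `linkToken` and `sdlToken` names from the report and a hypothetical `router` spender) next to a hardened helper that checks the call result. The helper also covers the edge case a plain `require(token.approve(...))` misses: some widely used ERC-20 implementations return no data from `approve`, so decoding a `bool` unconditionally would revert on them, while a target address with no code would make a raw call "succeed" with empty return data.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.15;

// Minimal ERC-20 surface needed for this example (not the project's interface).
interface IERC20 {
    function approve(address spender, uint256 amount) external returns (bool);
}

// Constructed "before" shape: the bool returned by approve is discarded, so a
// token that signals failure by returning false leaves the contract believing
// the allowance was set.
contract UncheckedApproveExample {
    constructor(IERC20 linkToken, IERC20 sdlToken, address router) {
        linkToken.approve(router, type(uint256).max); // return value ignored
        sdlToken.approve(router, type(uint256).max);  // return value ignored
    }
}

// Hardened helper (hypothetical name): require success, accept tokens that
// return nothing, and reject non-contract token addresses.
library CheckedApprove {
    function checkedApprove(IERC20 token, address spender, uint256 amount) internal {
        // A raw call to an address without code returns (true, "") and would
        // otherwise look like a no-return-value token that succeeded.
        require(address(token).code.length > 0, "approve: token has no code");

        (bool ok, bytes memory data) = address(token).call(
            abi.encodeWithSelector(IERC20.approve.selector, spender, amount)
        );

        // The call itself must not revert, and if the token returned data it
        // must decode to true. Empty return data is accepted for tokens whose
        // approve has no return value.
        require(ok, "approve: call reverted");
        require(data.length == 0 || abi.decode(data, (bool)), "approve: returned false");
    }
}

// "After" shape: the same two approvals, now with the result checked.
contract CheckedApproveExample {
    using CheckedApprove for IERC20;

    constructor(IERC20 linkToken, IERC20 sdlToken, address router) {
        linkToken.checkedApprove(router, type(uint256).max);
        sdlToken.checkedApprove(router, type(uint256).max);
    }
}
```

In a production code base the usual choice is OpenZeppelin's SafeERC20 wrappers, which implement the same success-or-revert and empty-return-data handling; the helper above is written out only so the check being recommended is visible in one place.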

Updates

Lead Judging Commences

0kage Lead Judge over 1 year ago
Submission Judgement Published
Invalidated
Reason: Too generic
