The Standard
DeFi, Hardhat
20,000 USDC
Submission Details
Severity: low
Invalid

Unchecked Return Values in `returnUnpurchasedNative()` Function

Summary

Unchecked Return Values in returnUnpurchasedNative() Function

Vulnerability Details and Impact

The returnUnpurchasedNative() function in the smart contract uses the low-level .call() function.
The .call() function is used to send Ether from the contract to the manager. The return value of this function is a boolean indicating whether the call was successful. However, this return value is not checked, which means that if the call fails for any reason (for example, if the manager's balance is not enough), the function will proceed as if nothing went wrong. This could lead to unexpected behavior and potential loss of funds.

Recommendations

Always check the return value of .call(). If the call fails, the function should revert or handle the error in some other way.

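```solidity
function returnUnpurchasedNative(ILiquidationPoolManager.Asset[] memory _assets, uint256 _nativePurchased) private {
    for (uint256 i = 0; i < _assets.length; i++) {
        // Only entries with a zero token address and a non-empty symbol are handled here.
        if (_assets[i].token.addr == address(0) && _assets[i].token.symbol != bytes32(0)) {
            // Capture the success flag of the low-level call instead of discarding it.
            (bool _sent,) = manager.call{value: _assets[i].amount - _nativePurchased}("");
            // Revert the whole transaction if the transfer did not go through.
            require(_sent, "Failed to send Ether");
        }
    }
}
```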

In this modified function, if the .call() function fails, the require statement will cause the transaction to revert, and an error message will be included in the transaction receipt.
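The difference between the two behaviours, as an added example that is not part of the submission or the audited project's code. `RejectingManager`, `NativeReturner` and their function names are hypothetical contracts constructed for illustration; the recipient rejects every plain Ether transfer so that `.call()` returns `false`.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.17;

// Constructed recipient: reverts on any plain Ether transfer,
// so a low-level call that sends value to it returns false.
contract RejectingManager {
    receive() external payable {
        revert("no Ether accepted");
    }
}

// Constructed sender (hypothetical, not the audited contract).
contract NativeReturner {
    address payable public immutable manager;

    // Fund the contract at deployment so there is Ether to return.
    constructor(address payable _manager) payable {
        manager = _manager;
    }

    // Unchecked form: the success flag is discarded. The transaction
    // succeeds even though nothing was delivered, and the returned
    // balance is unchanged. solc warns that the return value of the
    // low-level call is not used.
    function returnUnchecked(uint256 amount) external returns (uint256 balanceAfter) {
        manager.call{value: amount}("");
        balanceAfter = address(this).balance;
    }

    // Checked form: a failed transfer reverts the whole transaction,
    // so callers and off-chain monitoring see the failure.
    function returnChecked(uint256 amount) external returns (uint256 balanceAfter) {
        (bool sent,) = manager.call{value: amount}("");
        require(sent, "Failed to send Ether");
        balanceAfter = address(this).balance;
    }
}
```

Deployed with `RejectingManager` as the manager, `returnUnchecked` completes and reports the same balance as before the call, while `returnChecked` reverts with `Failed to send Ether`.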

Updates

Lead Judging Commences

hrishibhat Lead Judge over 1 year ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
Assigned finding tags:

informational/invalid
