NFTBridge
60,000 USDC
Submission Details
Severity: low
Invalid

Conditional Storage Checks Are Not Consistent in Protocol.sol

Summary

In Protocol.sol, the conditional checks on storage variables are not written in a consistent form. Specifically, the function canUseWithdrawAuto checks the header variable with one idiom, but the same style of check is not applied uniformly throughout the codebase. Such inconsistencies can lead to off-by-one errors or unexpected behaviors.

Vulnerability Details

Location: Protocol.sol at line 54:

```solidity
// Returns true only when every bit of WITHDRAW_AUTO is set in the header.
function canUseWithdrawAuto(uint256 header) internal pure returns (bool) {
    return (header & WITHDRAW_AUTO) == WITHDRAW_AUTO;
}
```

The function checks whether the WITHDRAW_AUTO flag is set in the header using a bitwise AND and comparing the result against the flag itself. This check is valid on its own; the problem is that similar storage checks elsewhere in the code are not written in the same form. Applying one consistent idiom for conditional checks avoids logical errors and makes the code easier to read and audit.

Impact

Severity: Low

  • Impact on the Protocol: While the current inconsistency may not directly compromise security, it can lead to maintenance issues, potential bugs, and difficulty in auditing. Consistent patterns ensure that the logic is predictable and help in avoiding subtle errors.

  • Likelihood of Exploitation: Low. The inconsistency itself does not pose an immediate threat but can evolve into more significant issues if not standardized.

Tools Used

Manual code review

Recommendations

Ensure consistency in storage checks by using a centralized method or standardizing conditional logic throughout the codebase.
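As an added illustration of this recommendation (example code, not part of the NFTBridge project or this submission), the library below centralizes the flag check described in the Vulnerability Details section so every call site uses the same idiom. The flag bit values and the WITHDRAW_MANUAL and WITHDRAW_ANY constants are assumed placeholders; the real WITHDRAW_AUTO constant lives in Protocol.sol.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

/// Added example, not NFTBridge code. Flag values are assumed placeholders.
library HeaderFlags {
    uint256 internal constant WITHDRAW_AUTO = 1 << 0;   // assumed bit position
    uint256 internal constant WITHDRAW_MANUAL = 1 << 1; // assumed bit position
    /// A multi-bit flag, included to show why the comparison form matters.
    uint256 internal constant WITHDRAW_ANY = WITHDRAW_AUTO | WITHDRAW_MANUAL;

    /// Strict form: true only if every bit of `flag` is set in `header`.
    /// This is the idiom used by canUseWithdrawAuto in Protocol.sol.
    function hasAll(uint256 header, uint256 flag) internal pure returns (bool) {
        return (header & flag) == flag;
    }

    /// Loose form: true if at least one bit of `flag` is set in `header`.
    /// For single-bit flags it agrees with hasAll; for multi-bit flags it does not.
    function hasAny(uint256 header, uint256 flag) internal pure returns (bool) {
        return (header & flag) != 0;
    }
}

contract HeaderFlagsDemo {
    using HeaderFlags for uint256;

    /// Every flag check in the contract goes through the same library helper,
    /// so the comparison form cannot drift between call sites.
    function canUseWithdrawAuto(uint256 header) external pure returns (bool) {
        return header.hasAll(HeaderFlags.WITHDRAW_AUTO);
    }

    function canUseWithdrawManual(uint256 header) external pure returns (bool) {
        return header.hasAll(HeaderFlags.WITHDRAW_MANUAL);
    }

    /// Evaluates both idioms against the multi-bit WITHDRAW_ANY flag for a
    /// header that has only WITHDRAW_AUTO set, returning the two results.
    function compareIdioms() external pure returns (bool strict, bool loose) {
        uint256 header = HeaderFlags.WITHDRAW_AUTO;
        strict = header.hasAll(HeaderFlags.WITHDRAW_ANY);
        loose = header.hasAny(HeaderFlags.WITHDRAW_ANY);
    }
}
```

For a header with only WITHDRAW_AUTO set, compareIdioms returns strict = false and loose = true, because WITHDRAW_ANY spans two bits and only one of them is present. That divergence is the concrete reason to route every check through one helper rather than hand-writing `== FLAG` in some places and `!= 0` in others.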

Updates

Lead Judging Commences

n0kto Lead Judge 9 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
Assigned finding tags:

Informational / Gas

Please do not suppose impacts; think about the real impact of the bug and check the CodeHawks documentation to confirm: https://docs.codehawks.com/hawks-auditors/how-to-determine-a-finding-validity. A PoC always helps to understand the real impact possible.
