Code4rena | CODE423N4:2022-12-PREPO-FINDINGS-ISSUES-326
Dec 12, 2022 - 12:00 a.m.

depositAndTrade::exactInputSingleParams the possible return values not checked

Lines of code

Vulnerability details

Impact

The return values from _collateral.deposit() and _collateral.transferFrom() are not used. This means that the values returned by those functions will not be stored or used in the code. The _swapRouter.exactInputSingle() function also likely returns no value, so no value can be returned by that code.
<https://github.com/prepo-io/prepo-monorepo/blob/3541bc704ab185a969f300e96e2f744a572a3640/apps/smart-contracts/core/contracts/DepositTradeHelper.sol#L31-L33>

Proof of Concept

The code builds an exactInputSingleParams object of type ISwapRouter.ExactInputSingleParams and calls the _swapRouter.exactInputSingle() function with that object as the argument. However, because there is no information about the possible data types returned by the _swapRouter.exactInputSingle() function, the possible return values are not checked.

Tools Used

Manual Review

Recommended Mitigation Steps

Consider returning the value of _swapRouter.exactInputSingle(exactInputSingleParams);
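The recommendation above, worked into a helper that keeps and checks each of the three return values. This is an added example, not the prePO contract: `DepositTradeSketch`, `ICollateralLike` and its signatures, the `POOL_FEE` value and the function parameters are assumptions. Only `ISwapRouter` follows the Uniswap V3 periphery interface, where `exactInputSingle` returns `uint256 amountOut`.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.7;

// Uniswap V3 periphery router, reduced to the one call the finding discusses.
interface ISwapRouter {
    struct ExactInputSingleParams {
        address tokenIn; address tokenOut; uint24 fee; address recipient;
        uint256 deadline; uint256 amountIn; uint256 amountOutMinimum; uint160 sqrtPriceLimitX96;
    }
    function exactInputSingle(ExactInputSingleParams calldata params)
        external payable returns (uint256 amountOut);
}

// Hypothetical collateral interface: these signatures are assumptions.
interface ICollateralLike {
    function deposit(address recipient, uint256 amount) external returns (uint256 minted);
    function transferFrom(address from, address to, uint256 amount) external returns (bool);
    function approve(address spender, uint256 amount) external returns (bool);
}

contract DepositTradeSketch {
    uint24 private constant POOL_FEE = 10000; // constructed value
    ICollateralLike private immutable _collateral;
    ISwapRouter private immutable _swapRouter;
    constructor(ICollateralLike collateral, ISwapRouter swapRouter) {
        _collateral = collateral;
        _swapRouter = swapRouter;
        require(collateral.approve(address(swapRouter), type(uint256).max), "approve failed");
    }

    // Assumes base-token funding for deposit() is arranged elsewhere (omitted here).
    function depositAndTrade(uint256 amount, address tokenOut, uint256 minOut, uint256 deadline)
        external returns (uint256 amountOut)
    {
        // Keep the minted amount instead of discarding it, and refuse a zero mint.
        uint256 minted = _collateral.deposit(msg.sender, amount);
        require(minted > 0, "nothing minted");
        // ERC-20 style boolean result: a false return must not be ignored.
        require(_collateral.transferFrom(msg.sender, address(this), minted), "transferFrom failed");
        ISwapRouter.ExactInputSingleParams memory params = ISwapRouter.ExactInputSingleParams({
            tokenIn: address(_collateral), tokenOut: tokenOut, fee: POOL_FEE,
            recipient: msg.sender, deadline: deadline, amountIn: minted,
            amountOutMinimum: minOut, sqrtPriceLimitX96: 0
        });
        // Surface the router's result to the caller and re-check the slippage bound.
        amountOut = _swapRouter.exactInputSingle(params);
        require(amountOut >= minOut, "insufficient output");
    }
}
```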

