Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
code423n4Code4renaCODE423N4:2023-07-NOUNSDAO-FINDINGS-ISSUES-256
HistoryJul 13, 2023 - 12:00 a.m.

Unused returns on the ds. _withdraw(), NounsDAOLogicV3._withdraw(), and ds.executeFork()

2023-07-1300:00:00
Code4rena
github.com
5
vulnerability
impact
proof
mitigation
functions
validation
review
JSON

Lines of code
<https://github.com/nounsDAO/nouns-monorepo/blob/718211e063d511eeda1084710f6a682955e80dcb/packages/nouns-contracts/contracts/governance/NounsDAOLogicV3.sol#L497-#L499&gt;
<https://github.com/nounsDAO/nouns-monorepo/blob/718211e063d511eeda1084710f6a682955e80dcb/packages/nouns-contracts/contracts/governance/NounsDAOLogicV3.sol#L408-#L419&gt;

Vulnerability details

Impact

The return value of the external calls are not stores in a local variable or a state variable

Proof of Concept

The return values do not store the results in a store local or state variable. As a result, the computation have no effect.

Code:

NounsDAOLogicV3.getActions(uint256)
(contracts/governance/NounsDAOLogicV3.sol#408-419) ignores return value by ds.getActions(proposalId) (contracts/governance/NounsDAOLogicV3.sol#418)
NounsDAOLogicV3.executeFork()
(contracts/governance/NounsDAOLogicV3.sol#497-499) ignores return value by ds.executeFork() (contracts/governance/NounsDAOLogicV3.sol#498)
NounsDAOLogicV3._withdraw()
(contracts/governance/NounsDAOLogicV3.sol#786-788) ignores return value by ds._withdraw() (contracts/governance/NounsDAOLogicV3.sol#787)

Tools Used

Manual Review

Recommended Mitigation Steps

Ensure that all the return values of the function calls are used.

Assessed type

Invalid Validation

The text was updated successfully, but these errors were encountered:

All reactions

JSON