6 matches found
Lack of a contract existence check may lead to undefined behavior
Lines of code Vulnerability details Impact Low-level calls call/delegatecall/staticcall return true even if the account called is non-existent per EVM design. Solidity documentation warns: “The low-level functions call, delegatecall and staticcall return true as their first return value if the...
Lack of check for contract existance can cause loss of funds during transfers
Lines of code Vulnerability details Impact The current transfers will not check if the to address is for an existing token contract. This can cause loss of funds if an user attempts to make a swap for a tokens added to a pool and destructed later. Proof of Concept TokenA gets added to a pool The...
Options can be sold for tokens that have been destructed
Lines of code Vulnerability details Unlike OpenZeppelin's safeTransfer, solmate's version of the function does not check for contract existence before its low level calls are made. The foot-gun associated with this difference is that it's up to the caller to verify that the contract exists before...
Failed transfer with low level call could be overlooked
Handle harleythedog Vulnerability details Impact In LaunchEvent.sol, the function safeTransferAVAX is as follows: function safeTransferAVAXaddress to, uint256 value internal bool success, = to.callvalue: valuenew bytes0; requiresuccess, "LaunchEvent: avax transfer failed"; This function is utiliz...
Failed transfer with low level call could be overlooked
Handle harleythedog Vulnerability details Impact There are several places where low level call is used within the contract. In particular, in SavingsAccount.sol, the external withdraw function has the to argument, which is eventually used in this code in transfer: bool success, = to.callvalue:...
Actual yield source check on address will succeed for non-existent contract
Handle 0xRajeev Vulnerability details Impact Low-level calls call/delegatecall/staticcall return true even if the account called is non-existent per EVM design. Solidity documentation warns: "The low-level functions call, delegatecall and staticcall return true as their first return value if the...