Last updated
Was this helpful?
Submitted on Mar 6th 2024 at 15:16:49 UTC by @Kenzo for
Report ID: #29073
Report type: Smart Contract
Report severity: Insight
Target: https://etherscan.io/address/0x3C28B7c7Ba1A1f55c9Ce66b263B33B204f2126eA#code
Impacts:
Contract fails to deliver promised returns, but doesn't lose value
Griefing (e.g. no profit motive for an attacker, but damage to the users or the protocol)
The function timelock::executeTransaction Executes a transaction after the delay period for Operations Multisig and Community multisig can execute transactions without any delay. Expected behavior is that the function should revert if the call to the target contract fails. If the target contract with no contract code added or yet to be deployed is set as input of timelock::executeTransaction, the function won't revert which is not ideal behavior of the function. Similar issue was found with OZ: https://github.com/OpenZeppelin/openzeppelin-contracts/issues/3874
Transactions with contracts that are yet to deploy like new tokens whose address can be predetermined at risk while interacting with this contract.
timelock::executeTransaction will execute invalid transaction successfully instead of failing on non-existent contract.
Funds can be lost in some scenario.
Low Severity as the function is being controlled by the OPERATIONS_MULTISIG and COMMUNITY_MULTISIG.
Consider adding contract existence check on timelock.executeTransaction.
POC is attached.
The POC can be run by placing the following code in PufferTest.integration.t.sol and running this command: forge test --mt test_call_to_unknown_contract -vv
Output:
