Omniscia 0xPhase Audit
CallLib Manual Review Findings
CallLib Manual Review Findings
CLB-01M: Weak Validation of Call Result
| Type | Severity | Location |
|---|---|---|
| Logical Fault |  | CallLib.sol:L79-L81 |
Description:
The CallLib::verifyCallResult function in use by its function-calling methods does not validate the result adequately. In detail, the CallLib::verifyCallResult will "succeed" when validating a call made to a non-contract address which is incorrect.
Impact:
Calls performed via the CallLib to non-contract addresses with no return signature in the function interface utilized would execute "successfully" even though no code was actually executed.
Example:
67/// @notice Verifies if a contract call succeeded68/// @param success If the call itself succeeded69/// @param result The result of the call70/// @param target The called contract71/// @param method The method type, call or delegateCall72/// @return The result of the call73function verifyCallResult(74 bool success,75 bytes memory result,76 address target,77 string memory method78) internal pure returns (bytes memory) {79 if (success) {80 return result;81 }82
83 if (result.length == 0)84 revert(85 string.concat(86 "CallLib: Function ",87 method,88 " reverted silently for ",89 Strings.toHexString(target)90 )91 );92
93 // solhint-disable-next-line no-inline-assembly94 assembly {95 revert(add(32, result), mload(result))96 }97}Recommendation:
We advise the CallLib::verifyCallResult to introduce new code in its success conditional that evaluates whether result.length is 0 and in such a case ensures that the target address has a non-zero code size (i.e. target.code.length > 0).
Alleviation (3dd3d7bf0c2693b2f9c23bacedfa420393f7ea84):
The code was updated to properly evaluate that the target represents a smart contract if no return data was yielded and a successful execution was signalled, alleviating this exhibit.