
Unchecked return value of low-level call()/delegatecall() #393

Open
code423n4 opened this issue Dec 20, 2023 · 8 comments

@code423n4

Lines of code


120, 141, 411, 184, 160, 189, 152, 444, 625, 638, 369, 169, 168, 174, 1045, 1071, 51, 79, 105

Vulnerability details


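The function being called may revert. A low-level call()/delegatecall()/staticcall() does not propagate that revert; it reports it through its boolean return value. If the return value is not checked, the code will continue as if there had been no error, rather than reverting with the error encountered. In the excerpts below the success flag is captured at every site, so what needs triage is how each site acts on it: some revert whenever the call fails, some revert only depending on a flag (`_revertOnFailure`, `forceSuccess`, `allowFailure`, `_forwardRevert`), some take a balance-based fallback path, and some only invoke `_getRevertMsg(...)` as a bare statement, which stops execution only if that helper itself reverts (its body is not shown here).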

File: contracts/TapiocaWrapper.sol

120          (success, result) = payable(_toft).call{value: msg.value}(_bytecode);
121          if (_revertOnFailure && !success) {
122              revert TapiocaWrapper__TOFTExecutionFailed(result);
123:         }

141              (success, results[i]) = payable(_call[i].toft).call{
142                  value: msg.value
143              }(_call[i].bytecode);
144              if (_call[i].revertOnFailure && !success) {
145                  revert TapiocaWrapper__TOFTExecutionFailed(results[i]);
146:             }
File: contracts/tOFT/BaseTOFT.sol

411          (success, returnData) = module.delegatecall(_data);
412          if (!success && !_forwardRevert) {
413              revert(_getRevertMsg(returnData));
414:         }
File: contracts/tOFT/modules/BaseTOFTLeverageModule.sol

184          (bool success, bytes memory reason) = module.delegatecall(
185              abi.encodeWithSelector(
186                  this.leverageDownInternal.selector,
187                  amount,
188                  swapData,
189                  externalData,
190                  lzData,
191                  leverageFor
192              )
193          );
194  
195          if (!success) {
196:             if (balanceAfter - balanceBefore >= amount) {
File: contracts/tOFT/modules/BaseTOFTMarketModule.sol

160          (bool success, bytes memory reason) = module.delegatecall(
161              abi.encodeWithSelector(
162                  this.borrowInternal.selector,
163                  _to,
164                  borrowParams,
165                  withdrawParams,
166                  approvals
167              )
168          );
169  
170          if (!success) {
171:             if (balanceAfter - balanceBefore >= borrowParams.amount) {
File: contracts/tOFT/modules/BaseTOFTOptionsModule.sol

189          (bool success, bytes memory reason) = module.delegatecall(
190              abi.encodeWithSelector(
191                  this.exerciseInternal.selector,
192                  optionsData.from,
193                  optionsData.oTAPTokenID,
194                  optionsData.paymentToken,
195                  optionsData.tapAmount,
196                  optionsData.target,
197                  tapSendData,
198                  approvals
199              )
200          );
201  
202          if (!success) {
203:             if (
File: contracts/tOFT/modules/BaseTOFTStrategyModule.sol

152          (bool success, bytes memory reason) = module.delegatecall(
153              abi.encodeWithSelector(
154                  this.depositToYieldbox.selector,
155                  assetId,
156                  amount,
157                  share,
158                  _erc20,
159                  address(this),
160                  onBehalfOf
161              )
162          );
163          if (!success) {
164              if (balanceAfter - balanceBefore >= amount) {
165:                 IERC20(address(this)).safeTransfer(onBehalfOf, amount);
File: contracts/Penrose.sol

444              (success[i], result[i]) = mc[i].call(data[i]);
445              if (forceSuccess) {
446                  require(success[i], _getRevertMsg(result[i]));
447:             }
File: contracts/markets/singularity/Singularity.sol

625          (success, returnData) = module.delegatecall(_data);
626          if (!success) {
627              revert(_getRevertMsg(returnData));
628:         }

638          (success, returnData) = module.staticcall(_data);
639          if (!success) {
640              revert(_getRevertMsg(returnData));
641:         }
File: contracts/usd0/BaseUSDO.sol

369          (success, returnData) = module.delegatecall(_data);
370          if (!success && !_forwardRevert) {
371              revert(_getRevertMsg(returnData));
372:         }
File: contracts/usd0/modules/USDOLeverageModule.sol

169          (bool success, bytes memory reason) = module.delegatecall(
170              abi.encodeWithSelector(
171                  this.leverageUpInternal.selector,
172                  amount,
173                  swapData,
174                  externalData,
175                  lzData,
176                  leverageFor
177              )
178          );
179  
180          if (!success) {
181:             if (balanceAfter - balanceBefore >= amount) {
File: contracts/usd0/modules/USDOMarketModule.sol

168          (bool success, bytes memory reason) = module.delegatecall(
169              abi.encodeWithSelector(
170                  this.lendInternal.selector,
171                  to,
172                  lendParams,
173                  approvals,
174                  withdrawParams
175              )
176          );
177  
178          if (!success) {
179:             if (balanceAfter - balanceBefore >= lendParams.depositAmount) {
File: contracts/usd0/modules/USDOOptionsModule.sol

174          (bool success, bytes memory reason) = module.delegatecall(
175              abi.encodeWithSelector(
176                  this.exerciseInternal.selector,
177                  optionsData.from,
178                  optionsData.oTAPTokenID,
179                  optionsData.paymentToken,
180                  optionsData.tapAmount,
181                  optionsData.target,
182                  tapSendData,
183                  approvals
184              )
185          );
186  
187          if (!success) {
188:             if (
File: contracts/Magnetar/MagnetarV2.sol

1045         (bool success, bytes memory returnData) = target.call(actionCalldata);
1046         if (!success && !allowFailure) {
1047             _getRevertMsg(returnData);
1048:        }

1071         (success, returnData) = module.delegatecall(_data);
1072         if (!success) {
1073             _getRevertMsg(returnData);
1074:        }
File: contracts/Multicall/Multicall3.sol

51               (result.success, result.returnData) = calli.target.call(
52                   calli.callData
53               );
54               if (!result.success) {
55                   _getRevertMsg(result.returnData);
56:              }

79               (result.success, result.returnData) = calli.target.call{value: val}(
80                   calli.callData
81               );
82               if (!result.success) {
83                   _getRevertMsg(result.returnData);
84:              }
File: contracts/curve/TricryptoLPStrategy.sol

105          (bool success, bytes memory response) = address(lpGauge).staticcall(
106              abi.encodeWithSignature("claimable_tokens(address)", address(this))
107          );
108          result = 0;
109          uint256 claimable = 0;
110:         if (success) {

Assessed type


other

@C4-Staff

@CloudEllie Sponsors can only use these labels: sponsor confirmed, sponsor disputed, sponsor acknowledged, disagree with severity.

1 similar comment
@C4-Staff

@CloudEllie Sponsors can only use these labels: sponsor confirmed, sponsor disputed, sponsor acknowledged, disagree with severity.

@C4-Staff

@CloudEllie Sponsors can only use these labels: sponsor confirmed, sponsor disputed, sponsor acknowledged, disagree with severity.

@C4-Staff

This comment was marked as off-topic.

@C4-Staff

This comment was marked as duplicate.

@C4-Staff

@geoffchan23 Sponsors are not allowed to close, reopen, or assign issues or pull requests.

@C4-Staff

@geoffchan23 Sponsors are not allowed to close, reopen, or assign issues or pull requests.

@C4-Staff

This comment was marked as spam.

@geoffchan23 geoffchan23 removed bot-report 2 (Med Risk) bug Something isn't working labels Apr 5, 2024