Detector: Return bomb #645

Merged
merged 3 commits into from
Aug 6, 2024
Conversation

TilakMaddy
Contributor

@TilakMaddy TilakMaddy commented Aug 3, 2024

Severity: Low

It looks for cases where there has been an unchecked address to which we send calldata and then decode the returndata without specifying a gas limit.

So all cases where

  • Gas limit is set in the call: these are all considered safe
  • Gas limit is not set, however the call is made to an address that is a state variable: also considered safe
  • Gas limit is not set, but there have been at least some checks on addresses somewhere in the function: also considered safe (to avoid false positives)

We capture the cases where

  • Gas limit is not set + no checks on any address + we decode the second element in the (bool success, bytes memory data)
    The assumption is that this triggers returndatacopy, and if the callee is malicious this may lead to an OOG error and therefore not proceed with the remaining lines of code following the call.
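
The pattern described above, as an added illustration that is not code from this PR or from the Aderyn project: `vulnerable` has the exact shape the detector reports (address taken from an unchecked argument, low-level call with no gas limit, second tuple element decoded), and `hardened` shows one mitigation that also satisfies the "gas limit is set" rule. The contract name, function names and the `maxCopy` bound are assumptions made for this example.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

/// Constructed example for illustration; not code from the PR or from Aderyn.
contract ReturnBombExample {
    /// Flagged pattern. `target` is never validated, `call` forwards all
    /// remaining gas, and assigning the second tuple element makes the
    /// compiler emit a `returndatacopy` of the full return size. A callee
    /// that returns a very large byte array can therefore make this frame
    /// run out of gas while copying, so the `require` and the decode never
    /// execute and the caller's remaining logic is skipped.
    function vulnerable(address target, bytes memory payload) external returns (uint256) {
        (bool success, bytes memory data) = target.call(payload);
        require(success, "call failed");
        return abi.decode(data, (uint256));
    }

    /// Hardened variant: a caller-supplied gas cap bounds what the callee can
    /// burn, and only the first `maxCopy` bytes of returndata are copied, so
    /// the memory-expansion cost on this side is fixed regardless of how much
    /// the callee returns. `maxCopy = 32` is an assumption for this example
    /// (room for one ABI-encoded uint256).
    function hardened(address target, bytes memory payload, uint256 gasLimit)
        external
        returns (bool success, bytes memory data)
    {
        uint256 maxCopy = 32;
        bytes memory out = new bytes(maxCopy);
        assembly {
            // call(gas, addr, value, argsOffset, argsSize, retOffset, retSize):
            // retSize 0 means the CALL itself copies nothing into memory.
            success := call(gasLimit, target, 0, add(payload, 0x20), mload(payload), 0, 0)
            // Copy at most maxCopy bytes, whatever returndatasize() reports.
            let size := returndatasize()
            if gt(size, maxCopy) { size := maxCopy }
            mstore(out, size)                      // record the bytes actually copied
            returndatacopy(add(out, 0x20), 0, size)
        }
        data = out;
    }
}
```

Under the rules listed in the description, `vulnerable` is reported (no gas limit, `target` is a parameter rather than a state variable, no address is checked anywhere in the function) while `hardened` is not, because a gas limit is supplied. Restricting `target` to a trusted state variable, or checking it against an allowlist before the call, are the other two ways to fall into the detector's "considered safe" cases.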

@TilakMaddy TilakMaddy marked this pull request as ready for review August 3, 2024 14:20
@TilakMaddy TilakMaddy requested a review from alexroan as a code owner August 3, 2024 14:20
@alexroan alexroan merged commit c08f1cf into dev Aug 6, 2024
8 checks passed