Upgraded Q -> 2 from #314 [1702561397269] #1147
Labels
2 (Med Risk)
Assets not at direct risk, but function/availability of the protocol could be impacted or leak value
duplicate-175
partial-25
Incomplete articulation of vulnerability; eligible for partial credit only (25%)
Comments
c4-judge
added
the
2 (Med Risk)
c4-judge
added a commit
that referenced
this issue
Dec 14, 2023
|
GalloDaSballo marked the issue as duplicate of #174 |
|
GalloDaSballo marked the issue as partial-25 |
c4-judge
added
the
partial-25
|
Valid dup
|
|
GalloDaSballo marked the issue as duplicate of #175 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Judge has assessed an item in Issue #314 as 2 risk. The relevant finding follows:
[NC‑05]: Calling precompile contracts with delegatecall has inconsistent results
It is possible to call the precompile contracts with delegatecall. The results for the user vary depending on if an inner precompileCall() is made.
The opcode used precompileCall() will revert if the current address is not a system contract. Since msg.sender in a delegatecall will be the user contract it should be that the call to precompileCall() reverts.
However, the exact specifics of when precompileCall() will revert are not located on the contracts in scope and exist inside the VM. This assumes the desired functionality that precompileCall() will check the msg.sender rather than the address which contains the bytecode.
So, if we call EcAdd or EcMul with valid parameters it will succeed since precompileCall() is not triggered. However, if we call EcAdd or EcMul with invalid parameters then the burnGas() function is called and the delegatecall will revert. All other precompiles will fail since they make use of precompileCall().
The text was updated successfully, but these errors were encountered: