ctf_sec - When a transaction reverts, the require check does not indicate the revert reason, which makes it very difficult for both developers and users to figure out why the transaction reverted
sherlock-admin commented
ctf_sec
medium
Summary
When a transaction reverts, the require check does not indicate the revert reason, which makes it very difficult for both developers and users to figure out why the transaction reverted.
Vulnerability Detail
The codebase uses
require(condition check, error message);
to validate, step by step, whether the transaction can be executed.
However, in many require statements the error message is missing, which makes it very difficult for both developers and users to figure out why the transaction reverted.
Impact
Both developers and users have great difficulty figuring out why the transaction reverted.
Code Snippet
Users will not know which step went wrong when the transaction reverts.
require(success);
require(success);
require(msg.sender == NOTIONAL.owner());
require(block.timestamp - bpUpdatedAt <= maxOracleFreshnessInSeconds);
require(basePrice > 0); /// @dev: Chainlink Rate Error
require(block.timestamp - qpUpdatedAt <= maxOracleFreshnessInSeconds);
require(quotePrice > 0); /// @dev: Chainlink Rate Error
require(oraclePrice >= 0); /// @dev Chainlink rate error
require(oracleDecimals >= 0); /// @dev Chainlink decimals error
require(msg.sender == address(NOTIONAL));
require(msg.sender == address(NOTIONAL.owner()));
require(settlementSlippageLimit_ < SETTLEMENT_SLIPPAGE_PRECISION);
require(msg.sender == NOTIONAL.owner());
require(newSlippageLimit < SETTLEMENT_SLIPPAGE_PRECISION);
require(vaultState.isSettled == false);
require(vaultState.totalStrategyTokens >= strategyTokens);
require(account == address(this));
require(0 <= cashBalance && cashBalance <= int256(uint256(type(uint88).max)));
require(accountContext.hasDebt == 0x00);
require(!isIdiosyncratic);
require(fCashAmount <= uint256(type(uint88).max));
require(settings.oracleWindowInSeconds <= maxOracleQueryWindow);
require(settings.settlementCoolDownInMinutes <= BalancerConstants.MAX_SETTLEMENT_COOLDOWN_IN_MINUTES);
require(settings.postMaturitySettlementCoolDownInMinutes <= BalancerConstants.MAX_SETTLEMENT_COOLDOWN_IN_MINUTES);
require(settings.maxRewardTradeSlippageLimitPercent <= BalancerConstants.SLIPPAGE_LIMIT_PRECISION);
require(settings.balancerOracleWeight <= balancerOracleWeight);
require(settings.maxBalancerPoolShare <= BalancerConstants.VAULT_PERCENT_BASIS);
require(settings.settlementSlippageLimitPercent <= BalancerConstants.SLIPPAGE_LIMIT_PRECISION);
require(settings.postMaturitySettlementSlippageLimitPercent <= BalancerConstants.SLIPPAGE_LIMIT_PRECISION);
require(settings.emergencySettlementSlippageLimitPercent <= BalancerConstants.SLIPPAGE_LIMIT_PRECISION);
require(settings.feePercentage <= BalancerConstants.VAULT_PERCENT_BASIS);
require(settings.oraclePriceDeviationLimitPercent <= BalancerConstants.VAULT_PERCENT_BASIS);
require(maxOracleQueryWindow > 0 && maxOracleQueryWindow <= type(uint32).max);
require(tokens.length == 4);
require(primaryIndex != NOT_FOUND);
require(primaryDecimals <= 18);
require(secondaryDecimals <= 18);
require(tertiaryDecimals <= 18);
require(oracleEnabled);
require(primaryDecimals <= 18);
require(primaryDecimals <= 18);
Tool used
Manual Review
Recommendation
We recommend that the project add a revert reason to each require statement.
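To show what a caller actually receives in each case, here is an added example (not part of the original report or the audited codebase) that decodes EVM revert return data: a bare `require(cond);` returns empty data, while `require(cond, "message")` returns an ABI-encoded `Error(string)`. The sample payloads and the message "transfer failed" are constructed for illustration.

```python
# Added example: classify the return data of a reverted EVM call.
ERROR_STRING = bytes.fromhex("08c379a0")  # selector of Error(string)
PANIC_UINT = bytes.fromhex("4e487b71")    # selector of Panic(uint256)


def decode_revert(data: bytes) -> str:
    """Return a human-readable description of revert return data."""
    if len(data) == 0:
        # This is all that `require(cond);` without a message produces.
        return "no reason (empty revert data)"
    selector, body = data[:4], data[4:]
    if selector == ERROR_STRING:
        # ABI layout: 32-byte offset, 32-byte length, then padded UTF-8 bytes.
        if len(body) < 64:
            return "malformed Error(string) data"
        offset = int.from_bytes(body[:32], "big")
        if offset + 32 > len(body):
            return "malformed Error(string) data"
        length = int.from_bytes(body[offset:offset + 32], "big")
        raw = body[offset + 32:offset + 32 + length]
        if len(raw) != length:
            return "malformed Error(string) data"
        return "Error: " + raw.decode("utf-8", errors="replace")
    if selector == PANIC_UINT and len(body) >= 32:
        # Compiler-inserted checks, e.g. 0x11 for arithmetic overflow.
        return "Panic code 0x%02x" % int.from_bytes(body[:32], "big")
    return "custom error or unknown data, selector 0x" + selector.hex()


def encode_error_string(message: str) -> bytes:
    """Build the payload that require(cond, message) would revert with."""
    raw = message.encode("utf-8")
    padded = raw + b"\x00" * (-len(raw) % 32)
    return (ERROR_STRING + (32).to_bytes(32, "big")
            + len(raw).to_bytes(32, "big") + padded)


# Constructed samples; the message text is hypothetical.
SAMPLES = {
    "require(success);": b"",
    'require(success, "transfer failed");': encode_error_string("transfer failed"),
    "checked arithmetic overflow": PANIC_UINT + (0x11).to_bytes(32, "big"),
}

if __name__ == "__main__":
    for source, data in SAMPLES.items():
        print(f"{source:40} -> {decode_revert(data)}")
```

With empty revert data, the only way to find the failing check is to trace the transaction, which is why each of the statements listed above benefits from a distinct reason string or custom error.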