sherlock-audit/2022-09-notional-judging

ctf_sec - When a transaction reverts, the require check does not indicate the revert reason, which makes it very difficult for both developers and users to figure out why the transaction reverted


ctf_sec

medium

When a transaction reverts, the require check does not indicate the revert reason, which makes it very difficult for both developers and users to figure out why the transaction reverted

Summary

When a transaction reverts, the require check does not indicate the revert reason, which makes it very difficult for both developers and users to figure out why the transaction reverted.

Vulnerability Detail

The codebase uses

require(condition check, error message);

to validate, step by step, whether the transaction can be executed.

However, in a lot of require statements the error message is missing, which makes it very difficult for both developers and users to figure out why the transaction reverted.

Impact

Both developers and users have great difficulty figuring out why the transaction reverted.

Code Snippet

Users will not know which step went wrong when a transaction reverts.

https://github.com/sherlock-audit/2022-09-notional/blob/main/leveraged-vaults/contracts/trading/TradeHandler.sol#L25

        require(success);

https://github.com/sherlock-audit/2022-09-notional/blob/main/leveraged-vaults/contracts/trading/TradeHandler.sol#L38

        require(success);

https://github.com/sherlock-audit/2022-09-notional/blob/main/leveraged-vaults/contracts/trading/TradingModule.sol#L47

        require(msg.sender == NOTIONAL.owner());

https://github.com/sherlock-audit/2022-09-notional/blob/main/leveraged-vaults/contracts/trading/TradingModule.sol#L221

        require(block.timestamp - bpUpdatedAt <= maxOracleFreshnessInSeconds);

https://github.com/sherlock-audit/2022-09-notional/blob/main/leveraged-vaults/contracts/trading/TradingModule.sol#L222

        require(basePrice > 0); /// @dev: Chainlink Rate Error

https://github.com/sherlock-audit/2022-09-notional/blob/main/leveraged-vaults/contracts/trading/TradingModule.sol#L225

        require(block.timestamp - qpUpdatedAt <= maxOracleFreshnessInSeconds);

https://github.com/sherlock-audit/2022-09-notional/blob/main/leveraged-vaults/contracts/trading/TradingModule.sol#L226

        require(quotePrice > 0); /// @dev: Chainlink Rate Error

https://github.com/sherlock-audit/2022-09-notional/blob/main/leveraged-vaults/contracts/trading/TradingModule.sol#L244

        require(oraclePrice >= 0); /// @dev Chainlink rate error

https://github.com/sherlock-audit/2022-09-notional/blob/main/leveraged-vaults/contracts/trading/TradingModule.sol#L245

        require(oracleDecimals >= 0); /// @dev Chainlink decimals error

https://github.com/sherlock-audit/2022-09-notional/blob/main/leveraged-vaults/contracts/vaults/BaseStrategyVault.sol#L39

        require(msg.sender == address(NOTIONAL));

https://github.com/sherlock-audit/2022-09-notional/blob/main/leveraged-vaults/contracts/vaults/BaseStrategyVault.sol#L44

        require(msg.sender == address(NOTIONAL.owner()));

https://github.com/sherlock-audit/2022-09-notional/blob/main/leveraged-vaults/contracts/vaults/CrossCurrencyfCashVault.sol#L103

        require(settlementSlippageLimit_ < SETTLEMENT_SLIPPAGE_PRECISION);

https://github.com/sherlock-audit/2022-09-notional/blob/main/leveraged-vaults/contracts/vaults/CrossCurrencyfCashVault.sol#L108

        require(msg.sender == NOTIONAL.owner());

https://github.com/sherlock-audit/2022-09-notional/blob/main/leveraged-vaults/contracts/vaults/CrossCurrencyfCashVault.sol#L109

        require(newSlippageLimit < SETTLEMENT_SLIPPAGE_PRECISION);

https://github.com/sherlock-audit/2022-09-notional/blob/main/leveraged-vaults/contracts/vaults/CrossCurrencyfCashVault.sol#L124

        require(vaultState.isSettled == false);

https://github.com/sherlock-audit/2022-09-notional/blob/main/leveraged-vaults/contracts/vaults/CrossCurrencyfCashVault.sol#L125

        require(vaultState.totalStrategyTokens >= strategyTokens);

https://github.com/sherlock-audit/2022-09-notional/blob/main/leveraged-vaults/contracts/vaults/CrossCurrencyfCashVault.sol#L254

            require(account == address(this));

https://github.com/sherlock-audit/2022-09-notional/blob/main/leveraged-vaults/contracts/vaults/CrossCurrencyfCashVault.sol#L259

            require(0 <= cashBalance && cashBalance <= int256(uint256(type(uint88).max)));

https://github.com/sherlock-audit/2022-09-notional/blob/main/leveraged-vaults/contracts/vaults/CrossCurrencyfCashVault.sol#L275

            require(accountContext.hasDebt == 0x00);

https://github.com/sherlock-audit/2022-09-notional/blob/main/leveraged-vaults/contracts/vaults/CrossCurrencyfCashVault.sol#L304

        require(!isIdiosyncratic);

https://github.com/sherlock-audit/2022-09-notional/blob/main/leveraged-vaults/contracts/vaults/CrossCurrencyfCashVault.sol#L305

        require(fCashAmount <= uint256(type(uint88).max));

https://github.com/sherlock-audit/2022-09-notional/blob/main/leveraged-vaults/contracts/vaults/balancer/internal/BalancerVaultStorage.sol#L30

        require(settings.oracleWindowInSeconds <= maxOracleQueryWindow);

https://github.com/sherlock-audit/2022-09-notional/blob/main/leveraged-vaults/contracts/vaults/balancer/internal/BalancerVaultStorage.sol#L31

        require(settings.settlementCoolDownInMinutes <= BalancerConstants.MAX_SETTLEMENT_COOLDOWN_IN_MINUTES);

https://github.com/sherlock-audit/2022-09-notional/blob/main/leveraged-vaults/contracts/vaults/balancer/internal/BalancerVaultStorage.sol#L32

        require(settings.postMaturitySettlementCoolDownInMinutes <= BalancerConstants.MAX_SETTLEMENT_COOLDOWN_IN_MINUTES);

https://github.com/sherlock-audit/2022-09-notional/blob/main/leveraged-vaults/contracts/vaults/balancer/internal/BalancerVaultStorage.sol#L33

        require(settings.maxRewardTradeSlippageLimitPercent <= BalancerConstants.SLIPPAGE_LIMIT_PRECISION);

https://github.com/sherlock-audit/2022-09-notional/blob/main/leveraged-vaults/contracts/vaults/balancer/internal/BalancerVaultStorage.sol#L34

        require(settings.balancerOracleWeight <= balancerOracleWeight);

https://github.com/sherlock-audit/2022-09-notional/blob/main/leveraged-vaults/contracts/vaults/balancer/internal/BalancerVaultStorage.sol#L35

        require(settings.maxBalancerPoolShare <= BalancerConstants.VAULT_PERCENT_BASIS);

https://github.com/sherlock-audit/2022-09-notional/blob/main/leveraged-vaults/contracts/vaults/balancer/internal/BalancerVaultStorage.sol#L36

        require(settings.settlementSlippageLimitPercent <= BalancerConstants.SLIPPAGE_LIMIT_PRECISION);

https://github.com/sherlock-audit/2022-09-notional/blob/main/leveraged-vaults/contracts/vaults/balancer/internal/BalancerVaultStorage.sol#L37

        require(settings.postMaturitySettlementSlippageLimitPercent <= BalancerConstants.SLIPPAGE_LIMIT_PRECISION);

https://github.com/sherlock-audit/2022-09-notional/blob/main/leveraged-vaults/contracts/vaults/balancer/internal/BalancerVaultStorage.sol#L38

        require(settings.emergencySettlementSlippageLimitPercent <= BalancerConstants.SLIPPAGE_LIMIT_PRECISION);

https://github.com/sherlock-audit/2022-09-notional/blob/main/leveraged-vaults/contracts/vaults/balancer/internal/BalancerVaultStorage.sol#L39

        require(settings.feePercentage <= BalancerConstants.VAULT_PERCENT_BASIS);

https://github.com/sherlock-audit/2022-09-notional/blob/main/leveraged-vaults/contracts/vaults/balancer/internal/BalancerVaultStorage.sol#L40

        require(settings.oraclePriceDeviationLimitPercent <= BalancerConstants.VAULT_PERCENT_BASIS);

https://github.com/sherlock-audit/2022-09-notional/blob/main/leveraged-vaults/contracts/vaults/balancer/mixins/BalancerOracleMixin.sol#L17

        require(maxOracleQueryWindow > 0 && maxOracleQueryWindow <= type(uint32).max); 

https://github.com/sherlock-audit/2022-09-notional/blob/main/leveraged-vaults/contracts/vaults/balancer/mixins/Boosted3TokenPoolMixin.sol#L50

        require(tokens.length == 4);

https://github.com/sherlock-audit/2022-09-notional/blob/main/leveraged-vaults/contracts/vaults/balancer/mixins/Boosted3TokenPoolMixin.sol#L71

        require(primaryIndex != NOT_FOUND);

https://github.com/sherlock-audit/2022-09-notional/blob/main/leveraged-vaults/contracts/vaults/balancer/mixins/Boosted3TokenPoolMixin.sol#L85

        require(primaryDecimals <= 18);

https://github.com/sherlock-audit/2022-09-notional/blob/main/leveraged-vaults/contracts/vaults/balancer/mixins/Boosted3TokenPoolMixin.sol#L92

        require(secondaryDecimals <= 18);

https://github.com/sherlock-audit/2022-09-notional/blob/main/leveraged-vaults/contracts/vaults/balancer/mixins/Boosted3TokenPoolMixin.sol#L99

        require(tertiaryDecimals <= 18);

https://github.com/sherlock-audit/2022-09-notional/blob/main/leveraged-vaults/contracts/vaults/balancer/mixins/MetaStable2TokenVaultMixin.sol#L19

        require(oracleEnabled);

https://github.com/sherlock-audit/2022-09-notional/blob/main/leveraged-vaults/contracts/vaults/balancer/mixins/TwoTokenPoolMixin.sol#L58

        require(primaryDecimals <= 18);

https://github.com/sherlock-audit/2022-09-notional/blob/main/leveraged-vaults/contracts/vaults/balancer/mixins/TwoTokenPoolMixin.sol#L65

        require(primaryDecimals <= 18);

Tool used

Manual Review

Recommendation

We recommend that the project add a revert reason to each require statement.
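
The following is an added example, not code from the audited repository: it shows the oracle checks quoted above in their bare form next to two ways of attaching a reason, plus one way to handle a bare `require(success)`. The contract, function, error names and reason strings are hypothetical, and it assumes `success` comes from a low-level call.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.15;

// Added illustration. All names and reason strings here are hypothetical.
contract RevertReasonExample {
    // Custom errors (Solidity >= 0.8.4) put the offending values in the revert data.
    error StalePrice(uint256 updatedAt, uint256 maxAge);
    error InvalidPrice(int256 price);

    uint256 public immutable maxOracleFreshnessInSeconds;

    constructor(uint256 maxAge) {
        maxOracleFreshnessInSeconds = maxAge;
    }

    // Before: either failure reverts with empty data, so a caller cannot tell them apart.
    function checkBare(int256 basePrice, uint256 bpUpdatedAt) external view {
        require(block.timestamp - bpUpdatedAt <= maxOracleFreshnessInSeconds);
        require(basePrice > 0);
    }

    // After, option 1: reason strings, returned to the caller as Error(string).
    function checkWithReason(int256 basePrice, uint256 bpUpdatedAt) external view {
        require(
            block.timestamp - bpUpdatedAt <= maxOracleFreshnessInSeconds,
            "Oracle: stale base price"
        );
        require(basePrice > 0, "Oracle: invalid base price");
    }

    // After, option 2: custom errors, cheaper than strings and machine-decodable.
    function checkWithError(int256 basePrice, uint256 bpUpdatedAt) external view {
        if (block.timestamp - bpUpdatedAt > maxOracleFreshnessInSeconds)
            revert StalePrice(bpUpdatedAt, maxOracleFreshnessInSeconds);
        if (basePrice <= 0) revert InvalidPrice(basePrice);
    }

    // For a bare `require(success)` after a low-level call (assumed context):
    // forward the callee's own revert data instead of discarding it.
    function _callAndBubble(address target, bytes memory data) internal returns (bytes memory result) {
        bool success;
        (success, result) = target.call(data);
        if (!success) {
            if (result.length == 0) revert("Call failed without revert data");
            assembly { revert(add(result, 32), mload(result)) }
        }
    }
}
```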