The contract assumes a function call succeeded without verifying the result, potentially leading to state inconsistencies or incorrect balance assumptions if the call actually failed.
Game
What's wrong with the assumptions made by this contract's author?
// SPDX-License-Identifier: MIT
// Open me in VSCode and really think before opening the hints!
// Add @audit tags wherever suspicious
// Go to the solidity docs to complete missing knowledge of what's happening here
// Solve by drafting a fix!
pragma solidity ^0.8.0;

interface IExternalContract {
    function doSomething() external returns (bool);
}

contract FalsePositiveGame {
    IExternalContract public externalContract;

    constructor(address _externalContract) {
        externalContract = IExternalContract(_externalContract);
    }

    // Function that assumes success without verifying
    function executeAction() public {
        bool success = externalContract.doSomething();
        if (!success) {
            // Assume the action succeeded
        }
        // Continue execution assuming the external call succeeded
    }
}
Consider what would happen if doSomething returns false. How does executeAction handle this outcome?
Does it account for failure explicitly, or does it continue regardless?
Think about how you might use the require or revert statements to enforce stricter handling of failure cases.
function executeAction() public {
    bool success = externalContract.doSomething();
    require(success, "External action failed"); // Fix: Explicitly require success
}
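The state inconsistency described at the top of the page, made concrete. This is an added example, not part of the original game: AlwaysFails, Ledger, credited, executeUnchecked and executeChecked are hypothetical names, and the counter stands in for whatever state the contract updates after the external call.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

interface IExternalContract {
    function doSomething() external returns (bool);
}

// Constructed stand-in (assumption) for an external contract that signals
// failure by returning false instead of reverting.
contract AlwaysFails is IExternalContract {
    function doSomething() external pure override returns (bool) {
        return false;
    }
}

// Hypothetical contract that records state after the external call.
contract Ledger {
    IExternalContract public externalContract;
    mapping(address => uint256) public credited;

    constructor(address _externalContract) {
        externalContract = IExternalContract(_externalContract);
    }

    // Pattern from the game: the false return is read but never acted on,
    // so the ledger records an action that did not happen.
    function executeUnchecked() public {
        bool success = externalContract.doSomething();
        if (!success) {
            // no handling: execution falls through
        }
        credited[msg.sender] += 1;
    }

    // Hardened: a false return reverts the whole transaction, so
    // credited[msg.sender] is never updated for a failed action.
    function executeChecked() public {
        bool success = externalContract.doSomething();
        require(success, "External action failed");
        credited[msg.sender] += 1;
    }
}
```

With Ledger deployed against AlwaysFails, executeUnchecked() increments credited for the caller even though the external action failed, while executeChecked() reverts with "External action failed" and leaves credited unchanged.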