Skip to content
This repository has been archived by the owner on May 26, 2023. It is now read-only.

Latest commit

 

History

History
39 lines (34 loc) · 1.29 KB

083.md

File metadata and controls

39 lines (34 loc) · 1.29 KB
Raw

koxuan

medium

try catch block in unlockOptions will only catch string errors

Summary

unlock is wrapped in a try and catch. However, this catches only require function errors and not reverts or other custom error.

Vulnerability Detail

            try
                optionsContract.unlock(params.optionId, params.priceAtExpiry)
            {} catch Error(string memory reason) {
                emit FailUnlock(params.optionId, reason);
                continue;
            }

Impact

An error caused by anything other than require statements in unlock will revert and therefore hard to debug without optionId.

Code Snippet

BufferRouter.sol#L225-L231

Tool used

Manual Review

Recommendation

Handle non string error, this lets user know which option is reverting.

            try
                optionsContract.unlock(params.optionId, params.priceAtExpiry)
            {} catch Error(string memory reason) {
                emit FailUnlock(params.optionId, reason);
                continue;
+            } catch Error(bytes memory reason) {
+               emit FailUnlockGeneric(params.optionId, reason);
+                continue;
+            }
        }