Skip to content
This repository has been archived by the owner on May 26, 2023. It is now read-only.

bulej93 - use abi.encodeCall instead of abi.encodeWithSelector #222

Closed
github-actions bot opened this issue Jan 25, 2023 · 0 comments
Closed

bulej93 - use abi.encodeCall instead of abi.encodeWithSelector #222

github-actions bot opened this issue Jan 25, 2023 · 0 comments
Labels
Excluded Excluded by the judge without consulting the protocol or the senior Non-Reward This issue will not receive a payout

Comments

@github-actions
Copy link

bulej93

medium

use abi.encodeCall instead of abi.encodeWithSelector

Summary

using abi.encodeWithSelector isnt type safe, the function will still execute with the wrong data types

Vulnerability Detail

if you pass in the wrong data types when using abi.encodeWithSelector the function will still run to completion and not return an error even though it failed.

Impact

the expected results wont appear because you wont be able to tell if the function worked or not

Code Snippet

https://github.com/sherlock-audit/2023-01-uxd/blob/main/contracts/external/layer-zero/lzApp/NonblockingLzApp.sol#L25

Tool used

https://blog.soliditylang.org/2021/12/20/solidity-0.8.11-release-announcement/

OpenZeppelin/openzeppelin-contracts#3693
Manual Review

Recommendation

use abi.encodeCall
@github-actions github-actions bot added the Excluded Excluded by the judge without consulting the protocol or the senior label Jan 25, 2023
@sherlock-admin sherlock-admin added the Non-Reward This issue will not receive a payout label Feb 2, 2023
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
Excluded Excluded by the judge without consulting the protocol or the senior Non-Reward This issue will not receive a payout
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@sherlock-admin