Category: Business Logic
The updateFunctionCondition function does not check the return value of checkCondition
Low Severity
Low Impact
Low Likelihood
Description
According to the interface, the function checkCondition has a boolean return value.
interface IConditionM {
function checkCondition(address _contract, bytes4 _functionSignature, bytes memory data) external view returns (bool);
}The modifier conditionCheck will revert the transaction if checkCondition returns false.
modifier conditionCheck() {
address[] memory conditions = functionToConditions[msg.sig];
for (uint256 i; i < conditions.length; ++i) {
! if (!IConditionM(conditions[i]).checkCondition(address(this), msg.sig, "")) {
revert MetaVesTController_ConditionNotSatisfied(conditions[i]);
}
}
_;
}The function updateFunctionCondition uses checkCondition but does not check its return value.
function updateFunctionCondition(address _condition, bytes4 _functionSig) external onlyDao {
//call check condition to ensure the condition is valid
IConditionM(_condition).checkCondition(address(this), msg.sig, "");
functionToConditions[_functionSig].push(_condition);
emit MetaVesTController_ConditionUpdated(_condition, _functionSig);
}Impact
No matter what the checkCondition function returns, functionToConditions will be updated.
Recommendations
Check the return value of checkCondition to determine whether to revert the transaction.