Assert instead of require to validate user inputs #43
Open
Labels
1 (Low Risk): Assets are not at risk. State handling, function incorrect as to spec, issues with comments
bug: Something isn't working
resolved: Finding has been patched by sponsor (sponsor pls link to PR containing fix)
sponsor confirmed: Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity")
Handle
mics
Vulnerability details
From the Solidity docs: "Properly functioning code should never reach a failing assert statement; if this happens there is a bug in your contract which you should fix."
With assert the user pays the gas and with require it doesn't. The ETH network gas isn't cheap and users can see it as a scam.
You have reachable asserts in the following locations (which should be replaced by require / are mistakenly left from development phase):