Insecure Use of Low-Level Call
Why is this important?
If the return value of a low-level message call is not checked then the execution will resume even if the called contract throws an exception. If the call fails accidentally or an attacker forces the call to fail, then this may cause unexpected behavior in the subsequent program logic.
Check Low-Level Call Return Value
Option A: Check the Return Value of the Low-Level Call
Go through the issues that GuardRails identified in the PR/MR
Identify the code that looks like this:
someAddress.send(55);
// this is doubly dangerous, as it will forward all remaining gas
// and doesn't check for result
someAddress.call.value(55)();
// if deposit throws an exception, the raw call() will only return
// false and transaction will NOT be reverted
someAddress.call.value(100)(bytes4(sha3("deposit()")));
Change it to follow this pattern instead:
if(!someAddress.send(55)) {
    // Add failure handling code here
}
// calling through the contract type propagates an exception thrown by deposit()
ExternalContract(someAddress).deposit.value(100)();
Test it
Ship it 🚢 and relax 🌴
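The effect of skipping the check, as an added example that is not part of the original page: it uses current Solidity (0.8) call syntax rather than the older syntax shown above, and the contracts `Rejector` and `Payout` and all their members are hypothetical names constructed for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Constructed recipient that rejects every plain Ether transfer.
contract Rejector {
    receive() external payable {
        revert("no payments");
    }
}

// Hypothetical payout contract; all names are illustrative.
contract Payout {
    mapping(address => uint256) public owed;

    // Record Ether held on behalf of `who`.
    function credit(address who) external payable {
        owed[who] += msg.value;
    }

    // Unchecked: when the recipient reverts, call() only returns false.
    // Execution resumes, the transaction succeeds, and owed[who] stays 0
    // even though no Ether left this contract.
    function payUnchecked(address payable who) external {
        uint256 amount = owed[who];
        owed[who] = 0;
        who.call{value: amount}(""); // return value ignored (solc warns here)
    }

    // Checked: a failed call reverts the whole transaction, which also
    // rolls back the write to owed[who].
    function payChecked(address payable who) external {
        uint256 amount = owed[who];
        owed[who] = 0;
        (bool ok, ) = who.call{value: amount}("");
        require(ok, "transfer failed");
    }
}
```

With a `Rejector` address credited, `payUnchecked` completes and leaves `owed` at zero with the Ether still held by `Payout`, while `payChecked` reverts and leaves the balance record intact.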