Unchecked Call Return Value Vulnerability

The Unchecked Call Return Value vulnerability occurs when a contract fails to check the success or failure of low-level calls such as call, delegatecall, and staticcall. Ignoring the return values of these calls can result in undetected errors, allowing attackers or unintended actions to succeed silently.
When the return value of a message call is not checked, the program continues execution even if the called contract throws an exception, because low-level calls report failure through a false return value rather than by reverting the caller. If this call fails accidentally, or an attacker forces it to fail, the subsequent program logic runs as though the call had succeeded, leading to unexpected behavior.
What is the impact of the Unchecked Call Return Value vulnerability?
External calls that are not properly checked can lead to transaction failures, preventing the intended operations from being completed successfully. This can result in the loss of funds, as the contract may proceed under the false assumption that the transfer or operation was successful. Additionally, it can lead to an incorrect contract state, making the contract vulnerable to further attacks and inconsistencies in its logic.
What actions should be taken?
If you choose to use low-level call methods, make sure to handle potential failures by properly checking the return value. Ensure that the results of external calls are thoroughly validated, and implement appropriate actions in case of failure to prevent unexpected behaviors and security vulnerabilities.
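The following Solidity contract is an added example and is not part of the original page or the SWC registry. It is constructed here to show the unchecked pattern next to its corrected form for both call and staticcall; the contract and function names are assumptions for illustration only.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Constructed example: a minimal vault that pays out with a low-level call.
contract UncheckedVault {
    mapping(address => uint256) public balances;

    function deposit() external payable {
        balances[msg.sender] += msg.value;
    }

    // VULNERABLE: the bool returned by call is discarded. If the recipient's
    // receive()/fallback reverts or runs out of gas, execution continues,
    // the balance has already been zeroed, and the ether never left the vault.
    function withdrawUnchecked(uint256 amount) external {
        require(balances[msg.sender] >= amount, "insufficient balance");
        balances[msg.sender] -= amount;
        msg.sender.call{value: amount}("");
    }

    // FIXED: capture the success flag and revert on failure so the whole
    // transaction, including the balance update, is rolled back.
    function withdrawChecked(uint256 amount) external {
        require(balances[msg.sender] >= amount, "insufficient balance");
        balances[msg.sender] -= amount;
        (bool ok, ) = msg.sender.call{value: amount}("");
        require(ok, "ETH transfer failed");
    }

    // The same rule applies to staticcall: a failed call returns ok == false
    // with empty return data, so decoding without the check would read garbage
    // or revert with an unhelpful error. Validate both the flag and the length.
    function tokenBalance(address token, address who) external view returns (uint256) {
        (bool ok, bytes memory data) =
            token.staticcall(abi.encodeWithSignature("balanceOf(address)", who));
        require(ok && data.length == 32, "balanceOf staticcall failed");
        return abi.decode(data, (uint256));
    }
}
```

Compilers from Solidity 0.8 onward emit a "return value of low-level calls not used" warning for the vulnerable form; treating that warning as an error in CI is a cheap way to catch this class of bug before deployment.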
Our Recommendation:
References:
https://swcregistry.io/docs/SWC-104