code423n4 / Code4rena / CODE423N4:2022-06-ILLUMINATE-FINDINGS-ISSUES-393
History: Jun 26, 2022 - 12:00 a.m.

Unused Return


Lines of code
<https://github.com/code-423n4/2022-06-illuminate/blob/main/lender/Lender.sol#L221>
<https://github.com/code-423n4/2022-06-illuminate/blob/main/lender/Lender.sol#L229>
<https://github.com/code-423n4/2022-06-illuminate/blob/main/lender/Lender.sol#L416>
<https://github.com/code-423n4/2022-06-illuminate/blob/main/lender/Lender.sol#L469>
<https://github.com/code-423n4/2022-06-illuminate/blob/main/lender/Lender.sol#L530>
<https://github.com/code-423n4/2022-06-illuminate/blob/main/lender/Lender.sol#L585>
<https://github.com/code-423n4/2022-06-illuminate/blob/main/lender/Lender.sol#L628>
<https://github.com/code-423n4/2022-06-illuminate/blob/main/lender/Lender.sol#L654>

Vulnerability details

Impact

Configuration

Check: unused-return
Severity: Medium
Confidence: Medium
Description: The return value of this external call is not stored in a local or state variable. Unused return values of function calls are indicative of programmer errors which may have unexpected behavior. (Total of nine instances of the particular vulnerability)

--Lender.mint(uint8,address,uint256,uint256) (Lender.sol#167-183) ignores return value by IERC5095(principalToken(u,m)).mint(msg.sender,a) (Lender.sol#178)

--Lender.lend(uint8,address,uint256,uint256,address) (Lender.sol#192-235) ignores return value by IERC5095(principalToken(u,m)).mint(msg.sender,returned) (Lender.sol#221)

--Lender.lend(uint8,address,uint256,uint256[],address,Swivel.Order[],Swivel.Components[]) (Lender.sol#247-305) ignores return value by ISwivel(swivelAddr).initiate(o,a,s) (Lender.sol#299)

--Lender.lend(uint8,address,uint256,uint256,uint256,uint256) (Lender.sol#377-420) ignores return value by IERC5095(illuminateToken).mint(msg.sender,returned) (Lender.sol#416)

--Lender.lend(uint8,address,uint256,uint256,uint256,uint256,address,address) (Lender.sol#433-473) ignores return value by illuminateToken.mint(msg.sender,returned) (Lender.sol#469)

--Lender.lend(uint8,address,uint256,uint128,uint256,address,address) (Lender.sol#486-534) ignores return value by illuminateToken.mint(msg.sender,returned) (Lender.sol#530)

--Lender.lend(uint8,address,uint256,uint256,uint256,address,address,uint256) (Lender.sol#545-589) ignores return value by IERC5095(principalToken(u,m)).mint(msg.sender,returned) (Lender.sol#585)

--Lender.lend(uint8,address,uint256,uint256) (Lender.sol#597-632) ignores return value by IERC5095(illuminateToken).mint(msg.sender,returned) (Lender.sol#628)

--Lender.yield(address,address,uint256,address) (Lender.sol#641-657) ignores return value by IYield(y).sellBase(r,returned) (Lender.sol#654)

Proof of Concept

Example of unused return vulnerability:

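    // Import path assumes OpenZeppelin Contracts 4.x
    import "@openzeppelin/contracts/utils/math/SafeMath.sol";

    contract MyConc {
        using SafeMath for uint;

        function my_func(uint c, uint b) public {
            c.sub(b); // result is discarded; c is left unchanged
        }
    }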

MyConc calls sub of SafeMath, but does not store the result in c. As a result, the computation has no effect.

Tools Used

Slither and hardhat

Recommended Mitigation Steps

Ensure that all the return values of the function calls are used.
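
One way to apply this recommendation to the `mint` calls listed above, as an added example that is not code from Lender.sol or from the original report. The interface, its `bool` return type, and every contract, function and error name here are assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.13;

// Hypothetical stand-in for the principal token interface.
// Assumption: mint reports success or failure through a bool return value.
interface IPrincipalTokenLike {
    function mint(address to, uint256 amount) external returns (bool);
}

// Constructed test double: signals failure by returning false instead of reverting.
contract FalseReturningToken is IPrincipalTokenLike {
    function mint(address, uint256) external pure override returns (bool) {
        return false;
    }
}

contract LenderSketch {
    error MintFailed(address token, address to, uint256 amount);

    // Pattern flagged by unused-return: the bool is dropped, so a token that
    // returns false leaves the caller believing the mint succeeded.
    function mintUnchecked(address token, uint256 amount) external {
        IPrincipalTokenLike(token).mint(msg.sender, amount);
    }

    // Hardened form: the return value is stored and a false result reverts,
    // undoing any state changes made earlier in the same transaction.
    function mintChecked(address token, uint256 amount) external {
        bool ok = IPrincipalTokenLike(token).mint(msg.sender, amount);
        if (!ok) revert MintFailed(token, msg.sender, amount);
    }
}
```

Called against `FalseReturningToken`, `mintUnchecked` completes without error while `mintChecked` reverts with `MintFailed`.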

