Compound’s enterMarket/exitMarket functions return an error code instead of reverting in case of failure.
DeFi Saver smart contracts never check for the error codes returned from Compound smart contracts.
Caller contract should revert in case the error code is not 0
- ConsenSys DeFi Save Finding 5.3
- Error Handling
- Major Severity
- Function Return Values
- Unchecked Error Codes
- Check Error Code
- Revert if Necessary
- Youtube Reference
- Major severity finding from Consensys Diligence Audit of Defi Saver