Dancing Ruby Bee
High
Silent Failure on Unsupported Asset Types in SimpleBudget#allocate(), clawback(), and disburse() Functions Could Result in Financial Issues for Integrators
The SimpleBudget contract has a critical issue where unsupported asset types are not handled as documented. Functions like allocate(), clawback(), and disburse() silently return false when dealing with unsupported assets instead of reverting the transaction. This discrepancy between the actual behavior and the expected behavior (as described in the inline documentation) can mislead integrators. They might implement error handling with try/catch blocks, assuming transactions will revert on failure, but since the contract does not revert for unsupported asset types, integrators could incorrectly assume that unsupported asset allocations, clawbacks, or disbursements are successful. This silent failure can lead to unintended financial outcomes, including asset mismanagement or loss.
The allocate, clawback, and disburse functions are designed to handle native assets (ETH), ERC20 tokens, and ERC1155 tokens. If an unsupported asset type is provided in the Transfer request, these functions return false without reverting the transaction or providing any error indication that would be caught in a try-catch block by integrators. This could lead to a misinterpretation by developers, who may assume the asset allocation or transfer was successful even though it was not.
The issue arises from the fact that while the inline documentation states that the expected functionality is that if an asset transfer fails, the allocation should revert, the functions instead silently return false when an unsupported asset type is provided.
Integrators using a try-catch mechanism for handling failed transactions may incorrectly interpret the absence of a revert as a successful asset allocation or transfer. This could lead to improper asset management, incorrect assumptions about allocated funds, and potential financial discrepancies in applications interacting with the budget.
Manual Review
To address this issue, it is recommended to modify the behavior for unsupported asset types in the allocate, clawback, and disburse functions to revert the transaction instead of returning false.