Lack of return value checks for transfer & transferFrom functions in setPool() as well as some other functions
Summary
Lack of return value checks for transfer & transferFrom functions in setPool() as well as some other functions.
Vulnerability Details
n/a
Impact
Risks:
setPool(): Transfers could fail but the following mapping still gets updated for lender as if transfers were successful:
pools[poolId] = p;addToPool(): if transferFrom fails the following still gets updated successfully:
_updatePoolBalance(poolId, pools[poolId].poolBalance + amount)removeFromPool(): if transfer fails the following still gets updated successfully:
_updatePoolBalance(poolId, pools[poolId].poolBalance - amount);
Tools Used
VSC, manual.
Recommendations
Some suggestions:
Perform Return Value Checks: Add appropriate return value checks for
transferandtransferFromfunctions insetPool(),addToPool(), andremoveFromPool()to ensure that transfers are successful before updating the mappings or state variables.Revert on Failure: If any transfer or transferFrom operation fails, revert the entire transaction to prevent inconsistent state changes.
Use SafeERC20 Library: Consider using a well-audited and tested SafeERC20 library to handle token transfers. This library provides safer implementations of ERC20 transfer functions with built-in return value checks and reverts on failure.
Handle Failure Scenarios: Implement appropriate error handling and recovery mechanisms for scenarios where transfers fail to gracefully handle potential exceptions.
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.