Submission Details
Severity: medium

Return values of `transfer()`/`transferFrom()` not checked

Summary

Not all IERC20 implementations revert() when a transfer()/transferFrom() fails. The function signature has a boolean return value, and such tokens signal errors through that value instead. When the return value is not checked, operations that should have been marked as failed may go through without any payment actually being made.

Proof Of Concept

File: Fees.sol
43: IERC20(WETH).transfer(staking, IERC20(WETH).balanceOf(address(this)));

https://github.com/Cyfrin/2023-07-beedle/tree/main/src/Fees.sol#L43

File: Lender.sol
152: IERC20(p.loanToken).transferFrom(
159: IERC20(p.loanToken).transfer(

https://github.com/Cyfrin/2023-07-beedle/tree/main/src/Lender.sol#L152

https://github.com/Cyfrin/2023-07-beedle/tree/main/src/Lender.sol#L159

File: Lender.sol
187: IERC20(pools[poolId].loanToken).transferFrom(

https://github.com/Cyfrin/2023-07-beedle/tree/main/src/Lender.sol#L187

File: Lender.sol
203: IERC20(pools[poolId].loanToken).transfer(msg.sender, amount);

https://github.com/Cyfrin/2023-07-beedle/tree/main/src/Lender.sol#L203

File: Lender.sol
267: IERC20(loan.loanToken).transfer(feeReceiver, fees);
269: IERC20(loan.loanToken).transfer(msg.sender, debt - fees);
271: IERC20(loan.collateralToken).transferFrom(
663: IERC20(loan.collateralToken).transferFrom(

https://github.com/Cyfrin/2023-07-beedle/tree/main/src/Lender.sol#L267

https://github.com/Cyfrin/2023-07-beedle/tree/main/src/Lender.sol#L269

https://github.com/Cyfrin/2023-07-beedle/tree/main/src/Lender.sol#L271

https://github.com/Cyfrin/2023-07-beedle/tree/main/src/Lender.sol#L663

File: Lender.sol
317: IERC20(loan.loanToken).transferFrom(
323: IERC20(loan.loanToken).transferFrom(
642: IERC20(loan.loanToken).transferFrom(
329: IERC20(loan.collateralToken).transfer(
563: IERC20(loan.collateralToken).transfer(
565: IERC20(loan.collateralToken).transfer(
670: IERC20(loan.collateralToken).transfer(

https://github.com/Cyfrin/2023-07-beedle/tree/main/src/Lender.sol#L317

https://github.com/Cyfrin/2023-07-beedle/tree/main/src/Lender.sol#L323

https://github.com/Cyfrin/2023-07-beedle/tree/main/src/Lender.sol#L642

https://github.com/Cyfrin/2023-07-beedle/tree/main/src/Lender.sol#L329

https://github.com/Cyfrin/2023-07-beedle/tree/main/src/Lender.sol#L563

https://github.com/Cyfrin/2023-07-beedle/tree/main/src/Lender.sol#L565

https://github.com/Cyfrin/2023-07-beedle/tree/main/src/Lender.sol#L670

File: Lender.sol
403: IERC20(loan.loanToken).transfer(feeReceiver, protocolInterest);
505: IERC20(loan.loanToken).transfer(feeReceiver, protocolInterest);
656: IERC20(loan.loanToken).transfer(feeReceiver, protocolInterest);

https://github.com/Cyfrin/2023-07-beedle/tree/main/src/Lender.sol#L403

https://github.com/Cyfrin/2023-07-beedle/tree/main/src/Lender.sol#L505

https://github.com/Cyfrin/2023-07-beedle/tree/main/src/Lender.sol#L656

File: Staking.sol
39: TKN.transferFrom(msg.sender, address(this), _amount);

https://github.com/Cyfrin/2023-07-beedle/tree/main/src/Staking.sol#L39

File: Staking.sol
49: TKN.transfer(msg.sender, _amount);

https://github.com/Cyfrin/2023-07-beedle/tree/main/src/Staking.sol#L49
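The mechanism from the summary and the fix for the call sites listed above, as an added example written for this page (it is not Beedle code and not part of the original submission). `NonRevertingToken`, `VulnerableVault` and `HardenedVault` are constructed here: the token mock returns `false` instead of reverting, the vulnerable vault shows the unchecked-call pattern the finding describes, and the hardened vault shows the same check OpenZeppelin's `SafeERC20` performs, which is the recommended replacement for every listed `transfer`/`transferFrom` call.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;

// Added example, not Beedle code. Minimal ERC20 surface used below.
interface IERC20 {
    function transfer(address to, uint256 amount) external returns (bool);
    function transferFrom(address from, address to, uint256 amount) external returns (bool);
    function balanceOf(address who) external view returns (uint256);
}

// Constructed mock: signals failure with `return false` instead of revert().
// It exists only to demonstrate the bug; real tokens with this behaviour exist.
contract NonRevertingToken is IERC20 {
    mapping(address => uint256) public override balanceOf;

    constructor(address initialHolder, uint256 supply) {
        balanceOf[initialHolder] = supply;
    }

    function transfer(address to, uint256 amount) external override returns (bool) {
        if (balanceOf[msg.sender] < amount) return false; // no revert on failure
        balanceOf[msg.sender] -= amount;
        balanceOf[to] += amount;
        return true;
    }

    function transferFrom(address from, address to, uint256 amount) external override returns (bool) {
        // allowance bookkeeping omitted; the relevant point is the silent `false`
        if (balanceOf[from] < amount) return false;
        balanceOf[from] -= amount;
        balanceOf[to] += amount;
        return true;
    }
}

// The pattern the finding describes: the boolean is discarded, so the vault
// records a deposit even when no tokens moved.
contract VulnerableVault {
    IERC20 public immutable token;
    mapping(address => uint256) public credited;

    constructor(IERC20 t) { token = t; }

    function deposit(uint256 amount) external {
        token.transferFrom(msg.sender, address(this), amount); // return value ignored
        credited[msg.sender] += amount;                        // credited even if it returned false
    }
}

// Hardened form: `false` is a failure, a revert is a failure, and a token that
// returns no data at all is accepted. This is the check SafeERC20 performs;
// in a real codebase prefer `using SafeERC20 for IERC20;` and
// `token.safeTransferFrom(...)` over re-implementing it.
contract HardenedVault {
    IERC20 public immutable token;
    mapping(address => uint256) public credited;

    constructor(IERC20 t) { token = t; }

    function deposit(uint256 amount) external {
        _safeTransferFrom(token, msg.sender, address(this), amount);
        credited[msg.sender] += amount; // only reached if the transfer succeeded
    }

    function _safeTransferFrom(IERC20 t, address from, address to, uint256 amount) internal {
        (bool ok, bytes memory data) = address(t).call(
            abi.encodeWithSelector(IERC20.transferFrom.selector, from, to, amount)
        );
        // ok == false: the token reverted.
        // data.length == 0: token returns nothing; treat the successful call as success.
        // otherwise: the returned bool must be true.
        require(ok && (data.length == 0 || abi.decode(data, (bool))), "TRANSFER_FROM_FAILED");
    }
}
```

Deploying `NonRevertingToken` with a holder that owns fewer tokens than `amount` and calling `deposit(amount)` from that holder makes the difference visible: `VulnerableVault.credited[holder]` grows while the vault's token balance stays at zero, whereas `HardenedVault.deposit` reverts with `TRANSFER_FROM_FAILED`. The same check applies to plain `transfer`, which covers the `Fees.sol`, `Lender.sol` and `Staking.sol` call sites listed above.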
