20,000 USDC
Submission Details
Severity: medium

Use safeTransfer()/safeTransferFrom() instead of transfer()/transferFrom()

Summary

It is a good idea to add a require() statement that checks the return value of ERC20 token transfers or to use something like OpenZeppelin’s safeTransfer()/safeTransferFrom() unless one is sure the given token reverts in case of a failure. Failure to do so will cause silent failures of transfers and affect token accounting in contracts.

However, using require() to check transfer return values causes problems with non-compliant ERC20 tokens that do not return a boolean value at all. It is therefore highly advisable to use OpenZeppelin's safeTransfer()/safeTransferFrom(), which handle both cases.

Vulnerability Details

IERC20(loan.collateralToken).transfer(
    loan.borrower,
    loan.collateral
);

There are several places in the code where tokens are transferred this way, with the boolean return value of transfer() ignored.

Impact

A token that signals failure by returning false instead of reverting will cause the transfer to fail silently while the contract's state is updated as if it succeeded, corrupting token accounting in the contract.

Tools Used

Manual

Recommendations

It is highly advisable to use OpenZeppelin's safeTransfer()/safeTransferFrom() for every ERC20 transfer in the codebase.
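The following is an added illustration, not code from this submission or from the audited project. It shows the unchecked transfer() pattern from the Vulnerability Details next to a hardened version, and a minimal re-implementation of the pattern OpenZeppelin's SafeERC20 uses so the reasoning in the Summary is visible: a low-level call whose result is accepted when the token returns nothing (non-compliant tokens) or a decoded true, and reverted otherwise. The Loan struct, the loans mapping, the function names and the FalseReturningToken test double are all assumed for the example.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added example; names below (Loan, loans, releaseCollateral*) are assumptions.

interface IERC20 {
    function transfer(address to, uint256 amount) external returns (bool);
    function transferFrom(address from, address to, uint256 amount) external returns (bool);
}

/// Minimal version of the safeTransfer pattern used by OpenZeppelin's SafeERC20
/// (own re-implementation for illustration, not the library itself).
library SafeERC20Lite {
    error TransferFailed(address token);

    function safeTransfer(IERC20 token, address to, uint256 amount) internal {
        _callOptionalReturn(token, abi.encodeCall(IERC20.transfer, (to, amount)));
    }

    function safeTransferFrom(IERC20 token, address from, address to, uint256 amount) internal {
        _callOptionalReturn(token, abi.encodeCall(IERC20.transferFrom, (from, to, amount)));
    }

    function _callOptionalReturn(IERC20 token, bytes memory data) private {
        (bool ok, bytes memory ret) = address(token).call(data);
        // Revert in every failure mode:
        //  1. the call itself reverted (ok == false)
        //  2. no return data AND no code at the address (call to an EOA "succeeds")
        //  3. a boolean was returned and it is false
        //  4. return data is present but not a decodable bool (abi.decode reverts)
        if (
            !ok ||
            (ret.length == 0 && address(token).code.length == 0) ||
            (ret.length != 0 && !abi.decode(ret, (bool)))
        ) {
            revert TransferFailed(address(token));
        }
        // ret.length == 0 with code present: non-compliant token that returns
        // nothing but did not revert, treated as success (USDT-style tokens).
    }
}

contract LoanVault {
    using SafeERC20Lite for IERC20;

    struct Loan {
        address borrower;
        address collateralToken;
        uint256 collateral;
        bool released;
    }

    mapping(uint256 => Loan) public loans;
    uint256 public nextId;

    function openLoan(address borrower, address collateralToken, uint256 collateral)
        external
        returns (uint256 id)
    {
        id = nextId++;
        loans[id] = Loan(borrower, collateralToken, collateral, false);
    }

    // Vulnerable pattern from the report: the bool returned by transfer() is
    // discarded. A token that returns false leaves `released` set to true while
    // the borrower never receives the collateral.
    function releaseCollateralUnsafe(uint256 id) external {
        Loan storage loan = loans[id];
        require(!loan.released, "already released");
        loan.released = true;
        IERC20(loan.collateralToken).transfer(loan.borrower, loan.collateral);
    }

    // Hardened form: any transfer failure reverts, so the state change above
    // is rolled back together with it.
    function releaseCollateralSafe(uint256 id) external {
        Loan storage loan = loans[id];
        require(!loan.released, "already released");
        loan.released = true;
        IERC20(loan.collateralToken).safeTransfer(loan.borrower, loan.collateral);
    }
}

/// Constructed test double: signals failure by returning false, never reverting.
/// Calling releaseCollateralUnsafe with this token marks the loan released and
/// succeeds; releaseCollateralSafe reverts with TransferFailed.
contract FalseReturningToken is IERC20 {
    function transfer(address, uint256) external pure returns (bool) { return false; }
    function transferFrom(address, address, uint256) external pure returns (bool) { return false; }
}
```

To see the difference, deploy LoanVault and FalseReturningToken, open a loan whose collateralToken is the mock, and call each release function on a fresh loan id: the unsafe variant leaves `released == true` with no tokens moved, while the safe variant reverts and leaves the loan untouched. The empty-return-data branch is what makes the library usable with tokens that a plain require(token.transfer(...)) would break on.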
