20,000 USDC
Submission Details
Severity: medium

Absence of SafeERC20 for Token Transfers

Summary

The contract uses standard ERC20 functions for token transfers instead of the safer SafeERC20 library. Without SafeERC20, the contract can behave unexpectedly and potentially lose funds, especially when interacting with non-standard ERC20 tokens.

Vulnerability Details

ERC20 token implementations are known to be inconsistent in their return values and behaviors. Some tokens might not return a boolean value on success as expected, while others might revert on failure. The SafeERC20 library was introduced to handle these inconsistencies and ensure that token transfers and interactions are consistent and safe.

The contract in question uses standard ERC20 functions like transfer and transferFrom, without the safeguards provided by SafeERC20. This makes the contract susceptible to issues when interacting with non-compliant or maliciously designed ERC20 tokens.

Impact

The contract might not handle certain token behaviors correctly, leading to failed transactions or unexpected outcomes.

Tools Used

Manual Review

Recommendations

Integrate the SafeERC20 library into the contract and replace all direct ERC20 function calls with their SafeERC20 counterparts.
