20,000 USDC
Submission Details
Severity: low

Use a safe transfer helper library for ERC20 transfers.

Summary

removeFromPool() sends loan tokens with a raw IERC20.transfer() call and ignores its result. Because the IERC20 interface declares a boolean return value, a token that returns no data at all makes the call revert on decoding, while a token that reports failure by returning false instead of reverting slips through unnoticed. A safe transfer helper handles both kinds of token.

Vulnerability Details

In removeFromPool(bytes32 poolId, uint256 amount), the contract uses transfer() to send the requested amount of loan tokens to the lender, but the boolean returned by transfer() is never checked. Some ERC20 implementations do not revert on a failed transfer and instead return false. Against such a token the call does not revert, the pool accounting has already been reduced by _updatePoolBalance(), and the function completes as if the transfer had succeeded.

POC:

function removeFromPool(bytes32 poolId, uint256 amount) external {
    if (pools[poolId].lender != msg.sender) revert Unauthorized();
    if (amount == 0) revert PoolConfig();
    // pool accounting is reduced before the token call
    _updatePoolBalance(poolId, pools[poolId].poolBalance - amount);
    // transfer the loan tokens from the contract to the lender;
    // the bool returned by transfer() is discarded, so a false return goes unnoticed
    IERC20(pools[poolId].loanToken).transfer(msg.sender, amount);
}

Impact

A lender calling removeFromPool() has their poolBalance reduced before the token call. If the loan token returns false instead of reverting, the transaction still succeeds: the lender's recorded balance is lowered by amount, no tokens are received, and the tokens stay in the contract. The amount the lender deposited for that withdrawal is lost.

Tools Used

Manual review.

Recommendations

Use a safe transfer library such as OpenZeppelin's SafeERC20 (safeTransfer in place of transfer) so that a false return value reverts the transaction and tokens that return no data are still accepted. This gives consistent handling of ERC20 return values and abstracts over inconsistent ERC20 implementations.
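The following self-contained example is added here to illustrate the two paths side by side; it is not the audited protocol's code. FalseReturningToken, Pool (with setPool, removeFromPoolUnchecked and removeFromPoolSafe) and Demo are constructed names, and the OpenZeppelin import paths are assumed to be those of OpenZeppelin Contracts v5. The mock token never mints any supply, so every non-zero transfer reports failure by returning false, which is exactly the case the unchecked call cannot see.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Assumed OpenZeppelin Contracts v5 import paths.
import {IERC20} from "@openzeppelin/contracts/token/ERC20/IERC20.sol";
import {SafeERC20} from "@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol";

// Constructed mock: signals failure by returning false instead of reverting,
// as some non-compliant tokens do. No supply is ever minted, so every
// transfer of a non-zero amount fails.
contract FalseReturningToken {
    mapping(address => uint256) public balanceOf;

    function transfer(address to, uint256 amount) external returns (bool) {
        if (balanceOf[msg.sender] < amount) return false; // failure without revert
        balanceOf[msg.sender] -= amount;
        balanceOf[to] += amount;
        return true;
    }
}

// Constructed pool with the same ordering as the reported function:
// accounting is reduced first, then the token is called.
contract Pool {
    using SafeERC20 for IERC20;

    error Unauthorized();
    error PoolConfig();

    struct PoolInfo { address lender; address loanToken; uint256 poolBalance; }
    mapping(bytes32 => PoolInfo) public pools;

    // Test helper: caller becomes the lender of poolId with the given accounting balance.
    function setPool(bytes32 poolId, address loanToken, uint256 poolBalance) external {
        pools[poolId] = PoolInfo(msg.sender, loanToken, poolBalance);
    }

    // Vulnerable form: the bool returned by transfer() is discarded.
    function removeFromPoolUnchecked(bytes32 poolId, uint256 amount) external {
        if (pools[poolId].lender != msg.sender) revert Unauthorized();
        if (amount == 0) revert PoolConfig();
        pools[poolId].poolBalance -= amount;
        IERC20(pools[poolId].loanToken).transfer(msg.sender, amount);
    }

    // Hardened form: safeTransfer reverts on a false return and also accepts
    // tokens that return no data at all.
    function removeFromPoolSafe(bytes32 poolId, uint256 amount) external {
        if (pools[poolId].lender != msg.sender) revert Unauthorized();
        if (amount == 0) revert PoolConfig();
        pools[poolId].poolBalance -= amount;
        IERC20(pools[poolId].loanToken).safeTransfer(msg.sender, amount);
    }
}

// Constructed driver: deploy both contracts, run each path, report what happened.
contract Demo {
    function run() external returns (uint256 balanceAfterUnchecked, uint256 lenderTokens, bool safeReverted) {
        FalseReturningToken token = new FalseReturningToken();
        Pool pool = new Pool();
        bytes32 id = keccak256("pool-1");

        // Accounting says 100 tokens, but the pool contract holds none.
        pool.setPool(id, address(token), 100);
        pool.removeFromPoolUnchecked(id, 100);         // completes without reverting
        (, , balanceAfterUnchecked) = pool.pools(id);   // 0: accounting was reduced
        lenderTokens = token.balanceOf(address(this));  // 0: nothing was received

        pool.setPool(id, address(token), 100);
        try pool.removeFromPoolSafe(id, 100) {
            safeReverted = false;
        } catch {
            safeReverted = true;                        // true: state change rolled back
        }
    }
}
```

Deploy Demo and call run(): the unchecked path leaves the lender with poolBalance 0 and no tokens, while the SafeERC20 path reverts and keeps the accounting intact. The compiler's "unused return value" warning on removeFromPoolUnchecked is the same warning the original function would produce.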
