Severity: medium

Unchecked Return Value

Summary

The affected function makes external calls to the transferFrom and transfer methods of an ERC20 contract without checking the boolean return values of those calls.

Vulnerability Details

Some ERC20 implementations signal failure by returning false rather than reverting. Because the return value is ignored, such a failed transfer goes unnoticed and the contract continues executing as if the transfer had succeeded.

Impact

If the return values of the transferFrom and transfer calls are not checked, the contract may incorrectly assume that the token transfers were successful, even when they were not.

This can lead to severe consequences such as:

Loss of funds: If a repayment transfer fails but the contract behaves as though it succeeded, the funds to be repaid could essentially be lost. The contract would be behaving as though the loan was repaid and the loan record would be deleted, but the repayment funds would not actually have been transferred. This discrepancy can lead to loss of funds.

Inconsistent contract state: The contract could end up in an inconsistent state if it proceeds with later operations under the assumption that previous transfers were successful. For example, the contract transfers the collateral back to the borrower even if the repayment wasn't successful. This could allow users to retrieve their collateral without properly repaying their loans.

Tools Used

Manual

Recommendations

Use OpenZeppelin's SafeERC20 library (safeTransfer / safeTransferFrom), which reverts when the underlying call fails or returns false, so a failed token transfer can never be silently treated as a success.
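The repayment flow described under Impact, shown as an added example that is not the audited project's code: a hypothetical lending contract with the unchecked pattern beside the SafeERC20 fix. The contract, struct and function names are assumptions; the import paths follow the OpenZeppelin Contracts layout.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Assumed imports: OpenZeppelin Contracts (IERC20 and SafeERC20).
import {IERC20} from "@openzeppelin/contracts/token/ERC20/IERC20.sol";
import {SafeERC20} from "@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol";

// Hypothetical lending contract constructed for this example; the audited
// contract's real names and storage layout are not given in the finding.
contract LendingExample {
    using SafeERC20 for IERC20;

    struct Loan {
        address borrower;
        IERC20 debtToken;
        uint256 debtAmount;
        IERC20 collateralToken;
        uint256 collateralAmount;
    }

    mapping(uint256 => Loan) public loans;

    // VULNERABLE pattern (the one the finding describes): the return values of
    // transferFrom and transfer are ignored. With a token that returns false
    // instead of reverting, execution continues: the loan record is deleted and
    // the collateral is released even though no repayment was received.
    function repayUnchecked(uint256 loanId) external {
        Loan memory loan = loans[loanId];
        require(msg.sender == loan.borrower, "not borrower");
        loan.debtToken.transferFrom(msg.sender, address(this), loan.debtAmount);
        delete loans[loanId];
        loan.collateralToken.transfer(loan.borrower, loan.collateralAmount);
    }

    // FIXED pattern: SafeERC20 wraps each call and reverts when the call fails
    // or returns false, so the loan record is only deleted and the collateral
    // only released if the repayment actually landed. The record is cleared
    // before the external calls (checks-effects-interactions).
    function repay(uint256 loanId) external {
        Loan memory loan = loans[loanId];
        require(msg.sender == loan.borrower, "not borrower");
        delete loans[loanId];
        loan.debtToken.safeTransferFrom(msg.sender, address(this), loan.debtAmount);
        loan.collateralToken.safeTransfer(loan.borrower, loan.collateralAmount);
    }
}
```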
