The contract does not check the code size of token addresses, which may lead to fund losses.
If transferFrom() is called on a token address that doesn't have a contract in it, it will always return success, bypassing the return value check. This could lead to users minting tokens for free or cause significant fund losses.

This is the reference link to the previous: https://github.com/sherlock-audit/2022-11-bond-judging/issues/8
Hence this may lead to miscalculation of funds and may lead to loss of funds.
vscode
Use OpenZeppelin's SafeERC20 or implement a code existence check.
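The recommendation above, sketched as an added example (not code from the audited contract): a low-level `transferFrom` wrapper that checks only the call status and return data, next to the same wrapper with a code existence check. The interface, library, harness and error names are hypothetical, and the low-level call pattern is an assumption about how the return value check is done.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added illustration. All names here are hypothetical, not from the audited code.
interface IERC20Like {
    function transferFrom(address from, address to, uint256 amount) external returns (bool);
}

library TransferSketch {
    error TokenHasNoCode(address token);
    error TransferFromFailed(address token);

    // Assumed shape of the unchecked pattern: low-level call, then a check of the
    // call status and the optional bool. A call to an address with no code
    // succeeds with empty return data, so this returns without moving tokens.
    function pullUnchecked(address token, address from, address to, uint256 amount) internal {
        _call(token, from, to, amount);
    }

    // Same transfer with the code existence check from the recommendation.
    function pullChecked(address token, address from, address to, uint256 amount) internal {
        if (token.code.length == 0) revert TokenHasNoCode(token);
        _call(token, from, to, amount);
    }

    function _call(address token, address from, address to, uint256 amount) private {
        (bool ok, bytes memory ret) =
            token.call(abi.encodeCall(IERC20Like.transferFrom, (from, to, amount)));
        // Accept tokens that return nothing; reject a revert or an explicit false.
        if (!ok || (ret.length != 0 && !abi.decode(ret, (bool)))) {
            revert TransferFromFailed(token);
        }
    }
}

// Hypothetical harness for exercising both paths in a local test.
contract DepositHarness {
    mapping(address => uint256) public credited;

    function depositUnchecked(address token, uint256 amount) external {
        TransferSketch.pullUnchecked(token, msg.sender, address(this), amount);
        credited[msg.sender] += amount; // credited even if `token` has no code
    }

    function depositChecked(address token, uint256 amount) external {
        TransferSketch.pullChecked(token, msg.sender, address(this), amount);
        credited[msg.sender] += amount;
    }
}
```

In a local test, `depositChecked` reverts with `TokenHasNoCode` for an address that holds no contract, while `depositUnchecked` records the credit without any token moving.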