stake.link

DeFi, Hardhat, Bridge
27,500 USDC
Submission Details
Severity: high
Invalid

CCIP Pool Controllers cannot receive any ERC677

Summary

CCIP Pool Controllers don't comply with ERC677 standards, which prevents them from supporting any ERC677 tokens.

Vulnerability Details

According to EIP-677, to transfer an ERC677 token one should use the transferAndCall functionality of ERC677 tokens. Once the transfer has succeeded and the event is logged, the token calls onTokenTransfer(address,uint256,bytes) on the receiver with the sender, the amount approved, and additional bytes data as parameters. That is, the receiver contract must have an onTokenTransfer function in it, as per this proposal:

https://github.com/ethereum/EIPs/issues/677

The problem is that SDLPoolCCIPController.sol, SDLPoolCCIPControllerSecondary.sol & SDLPoolCCIPControllerPrimary.sol don't have onTokenTransfer, making them incompatible with receiving ERC677 tokens.

Impact

The SDLPoolCCIPControllerSecondary.sol & SDLPoolCCIPControllerPrimary.sol contracts do not support receiving ERC677 tokens, causing problems like paying fees (in LINK token [which is an ERC677 token]), etc.

Tools Used

Manual Review

Recommendations

Add an onTokenTransfer function to SDLPoolCCIPController.sol.
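
The EIP-677 call flow referenced in the Vulnerability Details, as an added example (not code from the submission or from the stake.link repository): a minimal token whose transferAndCall invokes onTokenTransfer on the recipient, next to the plain ERC20 transfer it extends, which makes no callback. MiniERC677, HookReceiver, PlainReceiver and the initial balance are constructed names and values for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;

// Receiver hook named in the EIP-677 proposal.
interface IERC677Receiver {
    function onTokenTransfer(address sender, uint256 value, bytes calldata data) external;
}

// Constructed minimal token: balances only, no allowances.
contract MiniERC677 {
    mapping(address => uint256) public balanceOf;
    event Transfer(address indexed from, address indexed to, uint256 value);
    event Transfer(address indexed from, address indexed to, uint256 value, bytes data);

    constructor() { balanceOf[msg.sender] = 1000 ether; }

    // Plain ERC20 path: moves balance and never calls the recipient.
    function transfer(address to, uint256 value) public returns (bool) {
        balanceOf[msg.sender] -= value; // checked arithmetic reverts on underflow
        balanceOf[to] += value;
        emit Transfer(msg.sender, to, value);
        return true;
    }

    // EIP-677 path: transfer, log, then invoke the hook on the recipient.
    function transferAndCall(address to, uint256 value, bytes calldata data) external returns (bool) {
        transfer(to, value);
        emit Transfer(msg.sender, to, value, data);
        // Contract check mirrors the LINK token; the call reverts the whole
        // transfer if `to` has neither onTokenTransfer nor a fallback.
        if (to.code.length > 0) IERC677Receiver(to).onTokenTransfer(msg.sender, value, data);
        return true;
    }
}

// Constructed receiver implementing the hook.
contract HookReceiver is IERC677Receiver {
    address public immutable token;
    uint256 public received;
    constructor(address token_) { token = token_; }

    function onTokenTransfer(address, uint256 value, bytes calldata) external override {
        // Anyone can call this function directly, so accept only the token.
        require(msg.sender == token, "caller is not the token");
        received += value;
    }
}

// Constructed receiver with no hook: transfer() to it succeeds, transferAndCall() reverts.
contract PlainReceiver {}
```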

Updates

Lead Judging Commences

0kage Lead Judge over 1 year ago
Submission Judgement Published
Invalidated
Reason: Incorrect statement
