The Standard

DeFi, Hardhat
20,000 USDC
Submission Details
Severity: low
Invalid

Return value of `transfer()` not checked (consider using safeTransfer)

Summary

The return values of `transfer()` are not checked. Besides that, even if the return value were checked, some tokens (like USDT and others) never return a value.

Vulnerability Details

Not all ERC20 implementations revert() when there's a failure in transfer(). The function signature has a boolean return value, and they indicate errors that way instead. If the return value is not checked, operations that should have been marked as failed may go through without actually transferring anything:

File: contracts/LiquidationPool.sol
175: IERC20(_token.addr).transfer(msg.sender, _rewardAmount);

Github: [175]

File: contracts/LiquidationPoolManager.sol
40: eurosToken.transfer(protocol, eurosToken.balanceOf(address(this)));

Github: [40]

Impact

The protocol may treat funds as transferred when they actually were not, which would then cause a loss of funds.

Tools Used

Manual Review

Recommendations

Consider checking the return value of `transfer` if you are sure that all the tokens have a return value; otherwise consider using SafeERC20#safeTransfer.
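The acceptance rule behind this recommendation, as an added Solidity example (not code from the audited repository or from OpenZeppelin; `IERC20Like`, `TransferCheck` and `RewardPayer` are hypothetical names). It places the unchecked pattern beside a wrapper that accepts either empty return data or an ABI-encoded `true`, the same rule SafeERC20 applies:

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.17;

// Added illustration; every name in this file is hypothetical.
interface IERC20Like {
    function transfer(address to, uint256 amount) external returns (bool);
}

library TransferCheck {
    error TransferFailed(address token);

    // The call must not revert, and the return data must be either empty
    // (tokens such as USDT that return nothing) or ABI-decode to true.
    function safeTransferChecked(address token, address to, uint256 amount) internal {
        // A low-level call to an address without code succeeds with empty
        // return data, so reject that case explicitly.
        if (token.code.length == 0) revert TransferFailed(token);

        (bool ok, bytes memory ret) = token.call(
            abi.encodeWithSelector(IERC20Like.transfer.selector, to, amount)
        );

        // abi.decode itself reverts on malformed data (wrong length, or a
        // value other than 0 or 1), which also counts as a failed transfer.
        if (!ok || (ret.length != 0 && !abi.decode(ret, (bool)))) {
            revert TransferFailed(token);
        }
    }
}

contract RewardPayer {
    // Pattern flagged in the finding: a token that signals failure by
    // returning false does not stop execution here.
    function payUnchecked(address token, address to, uint256 amount) external {
        IERC20Like(token).transfer(to, amount);
    }

    // Checked form: reverts when the token returns false and still works
    // with tokens that return no value.
    function payChecked(address token, address to, uint256 amount) external {
        TransferCheck.safeTransferChecked(token, to, amount);
    }
}
```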

Updates

Lead Judging Commences

hrishibhat Lead Judge over 1 year ago
Submission Judgement Published
Invalidated
Reason: Known issue
Assigned finding tags:

informational/invalid
