Return values of transfer() are not checked. Beyond that, even when the return value is checked, some tokens (like USDT and others) never return a value.
Not all ERC20 implementations revert() when there's a failure in transfer(). The function signature has a boolean return value, and they indicate errors that way instead. By not checking the return value, operations that should have been marked as failed may go through without actually transferring anything:
Github: [175]
Github: [40]
This may cause a situation where the protocol thinks the funds were transferred when they actually were not, which results in a loss of funds.
Manual Review
Consider checking the return value of transfer if you are sure that all tokens have a return value; otherwise, consider using SafeERC20#safeTransfer.
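The three cases described in this finding, side by side, as an added example that is not code from the audited project. The `TransferPatterns` library and its function names are hypothetical, and `paySafe` is a simplified sketch of the acceptance rule behind SafeERC20#safeTransfer, not OpenZeppelin's source.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

interface IERC20 {
    function transfer(address to, uint256 amount) external returns (bool);
}

/// Hypothetical library written for illustration only.
library TransferPatterns {
    // Pattern reported in the finding: the bool is discarded. A token that
    // returns false instead of reverting lets execution continue even though
    // no tokens moved, so later accounting records a payment that never happened.
    function payUnchecked(IERC20 token, address to, uint256 amount) internal {
        token.transfer(to, amount);
    }

    // Checking the bool catches tokens that return false. It does not work for
    // tokens such as USDT that return nothing: the compiler-generated decoder
    // expects 32 bytes of return data and reverts when it gets none, so every
    // transfer of such a token fails here.
    function payChecked(IERC20 token, address to, uint256 amount) internal {
        require(token.transfer(to, amount), "transfer returned false");
    }

    // Low-level call with explicit return-data handling. The transfer is
    // accepted only if the call did not revert AND the return data is either
    // empty (no-return tokens) or decodes to true.
    function paySafe(IERC20 token, address to, uint256 amount) internal {
        // A low-level call to an address without code succeeds with empty
        // return data, so reject that case first.
        require(address(token).code.length > 0, "token is not a contract");

        (bool ok, bytes memory ret) =
            address(token).call(abi.encodeCall(IERC20.transfer, (to, amount)));

        require(
            ok && (ret.length == 0 || abi.decode(ret, (bool))),
            "transfer failed"
        );
    }
}
```

In production code, import OpenZeppelin's SafeERC20 and call `safeTransfer` rather than maintaining a hand-written wrapper.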