Submission Details
Severity:
Unsafe use of `transfer()` with `IERC20`
Summary
Some tokens do not implement the ERC20 standard properly but are still accepted by most code that accepts ERC20 tokens.
It is not implemnted safely at LiquidationPoolManager.forwardRemainingRewards() and LiquidationPool.claimRewards()
Vulnerability Details
-
For example Tether (USDT)'s transfer() and transferFrom() functions do not return booleans as the specification requires, and instead have no return value.
-
Consider using OpenZeppelin’s SafeERC20's safeTransfer()/safeTransferFrom() instead
Impact
LOW
Tools Used
Manual review
Recommendations
function forwardRemainingRewards(ITokenManager.Token[] memory _tokens) private {
for (uint256 i = 0; i < _tokens.length; i++) {
ITokenManager.Token memory _token = _tokens[i];
if (_token.addr == address(0)) {
uint256 balance = address(this).balance;
if (balance > 0) {
(bool _sent,) = protocol.call{value: balance}("");
require(_sent);
}
} else {
uint256 balance = IERC20(_token.addr).balanceOf(address(this));
- if (balance > 0) IERC20(_token.addr).transfer(protocol, balance);
+ if (balance > 0) IERC20(_token.addr).safeTransfer(protocol, balance);
}
}
}
Updates
Lead Judging Commences
hrishibhat almost 2 years ago
Submission Judgement Published Reason: Known issue
Assigned finding tags:
unchecked-transfer
informational/invalid
Prize pool breakdown
Total prize
20,000 USDC
nSLOC
60933
USDC / LOC
17,500 USDC
2,500 USDC
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.