The Standard

DeFiHardhat
20,000 USDC
Submission Details
Severity: low
Invalid

Use a safe transfer helper library for ERC20 transfers

Summary

Silently failing transfers due to use of transfer function of ERC20

Vulnerability Details

The ERC20 interface definition includes return values for most functions. These values indicate whether the action was successfully executed or not, although most implementations will revert for the case where the execution fails. The transfer() function will return a bool which is true if execution is successful and false if execution fails.

Contracts such as LiquidationPool and LiquidationPoolManager do not check these return values.

if (balance > 0) IERC20(_token.addr).transfer(protocol, balance);
if (balance > 0) IERC20(_token.addr).transfer(protocol, balance);
IERC20(_token.addr).transfer(msg.sender, _rewardAmount);

For ERC20 tokens that return false rather than reverting when a transfer fails, this would result in the protocol accounting for transfers that have not happened.

Impact

Some ERC20 tokens' functions don't return a boolean, for example USDT, BNB, OMG, so the protocol simply won't work with tokens like that.

Tools Used

Manual Review + Solodit

Recommendations

Use OpenZeppelin's safeTransfer and safeTransferFrom functions.
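The difference between an unchecked and a checked transfer, as an added example that is not code from the audited contracts or from OpenZeppelin. FalseOnFailToken, RewardPayer and their functions are hypothetical names constructed for illustration; the checked path is a hand-written version of the check a safe transfer helper performs, and it also accepts tokens that return no data.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

interface IERC20Like {
    function transfer(address to, uint256 amount) external returns (bool);
}

// Constructed token: reports failure by returning false instead of reverting.
contract FalseOnFailToken {
    mapping(address => uint256) public balanceOf;

    function mint(address to, uint256 amount) external { balanceOf[to] += amount; }

    function transfer(address to, uint256 amount) external returns (bool) {
        if (balanceOf[msg.sender] < amount) return false;
        balanceOf[msg.sender] -= amount;
        balanceOf[to] += amount;
        return true;
    }
}

// Hypothetical payer (demo only, no access control), not taken from LiquidationPool.
contract RewardPayer {
    error TransferFailed(address token);
    mapping(address => uint256) public owed;

    function setOwed(address user, uint256 amount) external { owed[user] = amount; }

    // Before: the bool is dropped, so owed is cleared even when nothing moved.
    function claimUnchecked(address token) external {
        uint256 amount = owed[msg.sender];
        owed[msg.sender] = 0;
        IERC20Like(token).transfer(msg.sender, amount);
    }

    // After: revert unless the call succeeded and returned true, or returned
    // nothing from an address that actually holds code (USDT-style tokens).
    function claimChecked(address token) external {
        uint256 amount = owed[msg.sender];
        owed[msg.sender] = 0;
        (bool ok, bytes memory ret) =
            token.call(abi.encodeCall(IERC20Like.transfer, (msg.sender, amount)));
        bool success = ok && (ret.length == 0 ? token.code.length > 0 : abi.decode(ret, (bool)));
        if (!success) revert TransferFailed(token);
    }
}
```

With an unfunded RewardPayer, claimUnchecked clears owed while the user's token balance stays unchanged; claimChecked reverts with TransferFailed and the owed amount is preserved.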

Updates

Lead Judging Commences

hrishibhat Lead Judge over 1 year ago
Submission Judgement Published
Invalidated
Reason: Known issue
Assigned finding tags:

unchecked-transfer

informational/invalid
